# Actions


The following actions are supported:
+  [AcceptAdministratorInvitation](API_AcceptAdministratorInvitation.md) 
+  [AcceptInvitation](API_AcceptInvitation.md) 
+  [ArchiveFindings](API_ArchiveFindings.md) 
+  [CreateDetector](API_CreateDetector.md) 
+  [CreateFilter](API_CreateFilter.md) 
+  [CreateIPSet](API_CreateIPSet.md) 
+  [CreateMalwareProtectionPlan](API_CreateMalwareProtectionPlan.md) 
+  [CreateMembers](API_CreateMembers.md) 
+  [CreatePublishingDestination](API_CreatePublishingDestination.md) 
+  [CreateSampleFindings](API_CreateSampleFindings.md) 
+  [CreateThreatEntitySet](API_CreateThreatEntitySet.md) 
+  [CreateThreatIntelSet](API_CreateThreatIntelSet.md) 
+  [CreateTrustedEntitySet](API_CreateTrustedEntitySet.md) 
+  [DeclineInvitations](API_DeclineInvitations.md) 
+  [DeleteDetector](API_DeleteDetector.md) 
+  [DeleteFilter](API_DeleteFilter.md) 
+  [DeleteInvitations](API_DeleteInvitations.md) 
+  [DeleteIPSet](API_DeleteIPSet.md) 
+  [DeleteMalwareProtectionPlan](API_DeleteMalwareProtectionPlan.md) 
+  [DeleteMembers](API_DeleteMembers.md) 
+  [DeletePublishingDestination](API_DeletePublishingDestination.md) 
+  [DeleteThreatEntitySet](API_DeleteThreatEntitySet.md) 
+  [DeleteThreatIntelSet](API_DeleteThreatIntelSet.md) 
+  [DeleteTrustedEntitySet](API_DeleteTrustedEntitySet.md) 
+  [DescribeMalwareScans](API_DescribeMalwareScans.md) 
+  [DescribeOrganizationConfiguration](API_DescribeOrganizationConfiguration.md) 
+  [DescribePublishingDestination](API_DescribePublishingDestination.md) 
+  [DisableOrganizationAdminAccount](API_DisableOrganizationAdminAccount.md) 
+  [DisassociateFromAdministratorAccount](API_DisassociateFromAdministratorAccount.md) 
+  [DisassociateFromMasterAccount](API_DisassociateFromMasterAccount.md) 
+  [DisassociateMembers](API_DisassociateMembers.md) 
+  [EnableOrganizationAdminAccount](API_EnableOrganizationAdminAccount.md) 
+  [GetAdministratorAccount](API_GetAdministratorAccount.md) 
+  [GetCoverageStatistics](API_GetCoverageStatistics.md) 
+  [GetDetector](API_GetDetector.md) 
+  [GetFilter](API_GetFilter.md) 
+  [GetFindings](API_GetFindings.md) 
+  [GetFindingsStatistics](API_GetFindingsStatistics.md) 
+  [GetInvitationsCount](API_GetInvitationsCount.md) 
+  [GetIPSet](API_GetIPSet.md) 
+  [GetMalwareProtectionPlan](API_GetMalwareProtectionPlan.md) 
+  [GetMalwareScan](API_GetMalwareScan.md) 
+  [GetMalwareScanSettings](API_GetMalwareScanSettings.md) 
+  [GetMasterAccount](API_GetMasterAccount.md) 
+  [GetMemberDetectors](API_GetMemberDetectors.md) 
+  [GetMembers](API_GetMembers.md) 
+  [GetOrganizationStatistics](API_GetOrganizationStatistics.md) 
+  [GetRemainingFreeTrialDays](API_GetRemainingFreeTrialDays.md) 
+  [GetThreatEntitySet](API_GetThreatEntitySet.md) 
+  [GetThreatIntelSet](API_GetThreatIntelSet.md) 
+  [GetTrustedEntitySet](API_GetTrustedEntitySet.md) 
+  [GetUsageStatistics](API_GetUsageStatistics.md) 
+  [InviteMembers](API_InviteMembers.md) 
+  [ListCoverage](API_ListCoverage.md) 
+  [ListDetectors](API_ListDetectors.md) 
+  [ListFilters](API_ListFilters.md) 
+  [ListFindings](API_ListFindings.md) 
+  [ListInvitations](API_ListInvitations.md) 
+  [ListIPSets](API_ListIPSets.md) 
+  [ListMalwareProtectionPlans](API_ListMalwareProtectionPlans.md) 
+  [ListMalwareScans](API_ListMalwareScans.md) 
+  [ListMembers](API_ListMembers.md) 
+  [ListOrganizationAdminAccounts](API_ListOrganizationAdminAccounts.md) 
+  [ListPublishingDestinations](API_ListPublishingDestinations.md) 
+  [ListTagsForResource](API_ListTagsForResource.md) 
+  [ListThreatEntitySets](API_ListThreatEntitySets.md) 
+  [ListThreatIntelSets](API_ListThreatIntelSets.md) 
+  [ListTrustedEntitySets](API_ListTrustedEntitySets.md) 
+  [SendObjectMalwareScan](API_SendObjectMalwareScan.md) 
+  [StartMalwareScan](API_StartMalwareScan.md) 
+  [StartMonitoringMembers](API_StartMonitoringMembers.md) 
+  [StopMonitoringMembers](API_StopMonitoringMembers.md) 
+  [TagResource](API_TagResource.md) 
+  [UnarchiveFindings](API_UnarchiveFindings.md) 
+  [UntagResource](API_UntagResource.md) 
+  [UpdateDetector](API_UpdateDetector.md) 
+  [UpdateFilter](API_UpdateFilter.md) 
+  [UpdateFindingsFeedback](API_UpdateFindingsFeedback.md) 
+  [UpdateIPSet](API_UpdateIPSet.md) 
+  [UpdateMalwareProtectionPlan](API_UpdateMalwareProtectionPlan.md) 
+  [UpdateMalwareScanSettings](API_UpdateMalwareScanSettings.md) 
+  [UpdateMemberDetectors](API_UpdateMemberDetectors.md) 
+  [UpdateOrganizationConfiguration](API_UpdateOrganizationConfiguration.md) 
+  [UpdatePublishingDestination](API_UpdatePublishingDestination.md) 
+  [UpdateThreatEntitySet](API_UpdateThreatEntitySet.md) 
+  [UpdateThreatIntelSet](API_UpdateThreatIntelSet.md) 
+  [UpdateTrustedEntitySet](API_UpdateTrustedEntitySet.md) 

# AcceptAdministratorInvitation


Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation.

## Request Syntax


```
POST /detector/detectorId/administrator HTTP/1.1
Content-type: application/json

{
   "administratorId": "string",
   "invitationId": "string"
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_AcceptAdministratorInvitation_RequestSyntax) **   <a name="guardduty-AcceptAdministratorInvitation-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty member account.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [administratorId](#API_AcceptAdministratorInvitation_RequestSyntax) **   <a name="guardduty-AcceptAdministratorInvitation-request-administratorId"></a>
The account ID of the GuardDuty administrator account whose invitation you're accepting.  
Type: String  
Required: Yes

 ** [invitationId](#API_AcceptAdministratorInvitation_RequestSyntax) **   <a name="guardduty-AcceptAdministratorInvitation-request-invitationId"></a>
The value that is used to validate the administrator account to the member account.  
Type: String  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/AcceptAdministratorInvitation) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/AcceptAdministratorInvitation) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/AcceptAdministratorInvitation) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/AcceptAdministratorInvitation) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/AcceptAdministratorInvitation) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/AcceptAdministratorInvitation) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/AcceptAdministratorInvitation) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/AcceptAdministratorInvitation) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/AcceptAdministratorInvitation) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/AcceptAdministratorInvitation) 

# AcceptInvitation


 *This action has been deprecated.* 

Accepts the invitation to be monitored by a GuardDuty administrator account.

## Request Syntax


```
POST /detector/detectorId/master HTTP/1.1
Content-type: application/json

{
   "invitationId": "string",
   "masterId": "string"
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_AcceptInvitation_RequestSyntax) **   <a name="guardduty-AcceptInvitation-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty member account.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [invitationId](#API_AcceptInvitation_RequestSyntax) **   <a name="guardduty-AcceptInvitation-request-invitationId"></a>
The value that is used to validate the administrator account to the member account.  
Type: String  
Required: Yes

 ** [masterId](#API_AcceptInvitation_RequestSyntax) **   <a name="guardduty-AcceptInvitation-request-masterId"></a>
The account ID of the GuardDuty administrator account whose invitation you're accepting.  
Type: String  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/AcceptInvitation) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/AcceptInvitation) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/AcceptInvitation) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/AcceptInvitation) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/AcceptInvitation) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/AcceptInvitation) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/AcceptInvitation) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/AcceptInvitation) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/AcceptInvitation) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/AcceptInvitation) 

# ArchiveFindings


Archives GuardDuty findings that are specified by the list of finding IDs.

**Note**  
Only the administrator account can archive findings. Member accounts don't have permission to archive findings from their accounts.

## Request Syntax


```
POST /detector/detectorId/findings/archive HTTP/1.1
Content-type: application/json

{
   "findingIds": [ "string" ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_ArchiveFindings_RequestSyntax) **   <a name="guardduty-ArchiveFindings-request-uri-DetectorId"></a>
The ID of the detector that specifies the GuardDuty service whose findings you want to archive.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [findingIds](#API_ArchiveFindings_RequestSyntax) **   <a name="guardduty-ArchiveFindings-request-findingIds"></a>
The IDs of the findings that you want to archive.  
Type: Array of strings  
Array Members: Minimum number of 0 items. Maximum number of 50 items.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ArchiveFindings) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ArchiveFindings) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ArchiveFindings) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ArchiveFindings) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ArchiveFindings) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ArchiveFindings) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ArchiveFindings) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ArchiveFindings) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ArchiveFindings) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ArchiveFindings) 

# CreateDetector


Creates a single GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
+ When you don't specify any `features`, with an exception to `RUNTIME_MONITORING`, all the optional features are enabled by default.
+ When you specify some of the `features`, any feature that is not specified in the API call gets enabled by default, with an exception to `RUNTIME_MONITORING`. 

Specifying both EKS Runtime Monitoring (`EKS_RUNTIME_MONITORING`) and Runtime Monitoring (`RUNTIME_MONITORING`) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see [Runtime Monitoring](https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html).

There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).

## Request Syntax


```
POST /detector HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "dataSources": { 
      "kubernetes": { 
         "auditLogs": { 
            "enable": boolean
         }
      },
      "malwareProtection": { 
         "scanEc2InstanceWithFindings": { 
            "ebsVolumes": boolean
         }
      },
      "s3Logs": { 
         "enable": boolean
      }
   },
   "enable": boolean,
   "features": [ 
      { 
         "additionalConfiguration": [ 
            { 
               "name": "string",
               "status": "string"
            }
         ],
         "name": "string",
         "status": "string"
      }
   ],
   "findingPublishingFrequency": "string",
   "tags": { 
      "string" : "string" 
   }
}
```

## URI Request Parameters


The request does not use any URI parameters.

## Request Body


The request accepts the following data in JSON format.

 ** [clientToken](#API_CreateDetector_RequestSyntax) **   <a name="guardduty-CreateDetector-request-clientToken"></a>
The idempotency token for the create request.  
Type: String  
Length Constraints: Minimum length of 0. Maximum length of 64.  
Required: No

 ** [dataSources](#API_CreateDetector_RequestSyntax) **   <a name="guardduty-CreateDetector-request-dataSources"></a>
 *This parameter has been deprecated.*   
Describes which data sources will be enabled for the detector.  
There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).  
Type: [DataSourceConfigurations](API_DataSourceConfigurations.md) object  
Required: No

 ** [enable](#API_CreateDetector_RequestSyntax) **   <a name="guardduty-CreateDetector-request-enable"></a>
A Boolean value that specifies whether the detector is to be enabled.  
Type: Boolean  
Required: Yes

 ** [features](#API_CreateDetector_RequestSyntax) **   <a name="guardduty-CreateDetector-request-features"></a>
A list of features that will be configured for the detector.  
Type: Array of [DetectorFeatureConfiguration](API_DetectorFeatureConfiguration.md) objects  
Required: No

 ** [findingPublishingFrequency](#API_CreateDetector_RequestSyntax) **   <a name="guardduty-CreateDetector-request-findingPublishingFrequency"></a>
A value that specifies how frequently updated findings are exported.  
Type: String  
Valid Values: `FIFTEEN_MINUTES | ONE_HOUR | SIX_HOURS`   
Required: No

 ** [tags](#API_CreateDetector_RequestSyntax) **   <a name="guardduty-CreateDetector-request-tags"></a>
The tags to be added to a new detector resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "detectorId": "string",
   "unprocessedDataSources": { 
      "malwareProtection": { 
         "scanEc2InstanceWithFindings": { 
            "ebsVolumes": { 
               "reason": "string",
               "status": "string"
            }
         },
         "serviceRole": "string"
      }
   }
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [detectorId](#API_CreateDetector_ResponseSyntax) **   <a name="guardduty-CreateDetector-response-detectorId"></a>
The unique ID of the created detector.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.

 ** [unprocessedDataSources](#API_CreateDetector_ResponseSyntax) **   <a name="guardduty-CreateDetector-response-unprocessedDataSources"></a>
Specifies the data sources that couldn't be enabled when GuardDuty was enabled for the first time.  
Type: [UnprocessedDataSourcesResult](API_UnprocessedDataSourcesResult.md) object

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/CreateDetector) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/CreateDetector) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/CreateDetector) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/CreateDetector) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/CreateDetector) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/CreateDetector) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/CreateDetector) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/CreateDetector) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/CreateDetector) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/CreateDetector) 

# CreateFilter


Creates a filter using the specified finding criteria. The maximum number of saved filters per AWS account per Region is 100. For more information, see [Quotas for GuardDuty](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_limits.html).

## Request Syntax


```
POST /detector/detectorId/filter HTTP/1.1
Content-type: application/json

{
   "action": "string",
   "clientToken": "string",
   "description": "string",
   "findingCriteria": { 
      "criterion": { 
         "string" : { 
            "eq": [ "string" ],
            "equals": [ "string" ],
            "greaterThan": number,
            "greaterThanOrEqual": number,
            "gt": number,
            "gte": number,
            "lessThan": number,
            "lessThanOrEqual": number,
            "lt": number,
            "lte": number,
            "matches": [ "string" ],
            "neq": [ "string" ],
            "notEquals": [ "string" ],
            "notMatches": [ "string" ]
         }
      }
   },
   "name": "string",
   "rank": number,
   "tags": { 
      "string" : "string" 
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_CreateFilter_RequestSyntax) **   <a name="guardduty-CreateFilter-request-uri-DetectorId"></a>
The detector ID associated with the GuardDuty account for which you want to create a filter.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [action](#API_CreateFilter_RequestSyntax) **   <a name="guardduty-CreateFilter-request-action"></a>
Specifies the action that is to be applied to the findings that match the filter.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `NOOP | ARCHIVE`   
Required: No

 ** [clientToken](#API_CreateFilter_RequestSyntax) **   <a name="guardduty-CreateFilter-request-clientToken"></a>
The idempotency token for the create request.  
Type: String  
Length Constraints: Minimum length of 0. Maximum length of 64.  
Required: No

 ** [description](#API_CreateFilter_RequestSyntax) **   <a name="guardduty-CreateFilter-request-description"></a>
The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses (`{ }`, `[ ]`, and `( )`), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.  
Type: String  
Length Constraints: Minimum length of 0. Maximum length of 512.  
Required: No

 ** [findingCriteria](#API_CreateFilter_RequestSyntax) **   <a name="guardduty-CreateFilter-request-findingCriteria"></a>
Represents the criteria to be used in the filter for querying findings.  
You can only use the following attributes to query findings:  
+ accountId
+ id
+ region
+ severity

  To filter on the basis of severity, the API and AWS CLI use the following input list for the [FindingCriteria](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_FindingCriteria.html) condition:
  +  **Low**: `["1", "2", "3"]` 
  +  **Medium**: `["4", "5", "6"]` 
  +  **High**: `["7", "8"]` 
  +  **Critical**: `["9", "10"]` 

  For more information, see [Findings severity levels](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings-severity.html) in the *Amazon GuardDuty User Guide*.
+ type
+ updatedAt

  Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.
+ resource.accessKeyDetails.accessKeyId
+ resource.accessKeyDetails.principalId
+ resource.accessKeyDetails.userName
+ resource.accessKeyDetails.userType
+ resource.instanceDetails.iamInstanceProfile.id
+ resource.instanceDetails.imageId
+ resource.instanceDetails.instanceId
+ resource.instanceDetails.tags.key
+ resource.instanceDetails.tags.value
+ resource.instanceDetails.networkInterfaces.ipv6Addresses
+ resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
+ resource.instanceDetails.networkInterfaces.publicDnsName
+ resource.instanceDetails.networkInterfaces.publicIp
+ resource.instanceDetails.networkInterfaces.securityGroups.groupId
+ resource.instanceDetails.networkInterfaces.securityGroups.groupName
+ resource.instanceDetails.networkInterfaces.subnetId
+ resource.instanceDetails.networkInterfaces.vpcId
+ resource.instanceDetails.outpostArn
+ resource.resourceType
+ resource.s3BucketDetails.publicAccess.effectivePermissions
+ resource.s3BucketDetails.name
+ resource.s3BucketDetails.tags.key
+ resource.s3BucketDetails.tags.value
+ resource.s3BucketDetails.type
+ service.action.actionType
+ service.action.awsApiCallAction.api
+ service.action.awsApiCallAction.callerType
+ service.action.awsApiCallAction.errorCode
+ service.action.awsApiCallAction.remoteIpDetails.city.cityName
+ service.action.awsApiCallAction.remoteIpDetails.country.countryName
+ service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
+ service.action.awsApiCallAction.remoteIpDetails.ipAddressV6
+ service.action.awsApiCallAction.remoteIpDetails.organization.asn
+ service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
+ service.action.awsApiCallAction.serviceName
+ service.action.dnsRequestAction.domain
+ service.action.dnsRequestAction.domainWithSuffix
+ service.action.dnsRequestAction.vpcOwnerAccountId
+ service.action.networkConnectionAction.blocked
+ service.action.networkConnectionAction.connectionDirection
+ service.action.networkConnectionAction.localPortDetails.port
+ service.action.networkConnectionAction.protocol
+ service.action.networkConnectionAction.remoteIpDetails.city.cityName
+ service.action.networkConnectionAction.remoteIpDetails.country.countryName
+ service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
+ service.action.networkConnectionAction.remoteIpDetails.ipAddressV6
+ service.action.networkConnectionAction.remoteIpDetails.organization.asn
+ service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
+ service.action.networkConnectionAction.remotePortDetails.port
+ service.action.awsApiCallAction.remoteAccountDetails.affiliated
+ service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
+ service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6
+ service.action.kubernetesApiCallAction.namespace
+ service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
+ service.action.kubernetesApiCallAction.requestUri
+ service.action.kubernetesApiCallAction.statusCode
+ service.action.networkConnectionAction.localIpDetails.ipAddressV4
+ service.action.networkConnectionAction.localIpDetails.ipAddressV6
+ service.action.networkConnectionAction.protocol
+ service.action.awsApiCallAction.serviceName
+ service.action.awsApiCallAction.remoteAccountDetails.accountId
+ service.additionalInfo.threatListName
+ service.resourceRole
+ resource.eksClusterDetails.name
+ resource.kubernetesDetails.kubernetesWorkloadDetails.name
+ resource.kubernetesDetails.kubernetesWorkloadDetails.namespace
+ resource.kubernetesDetails.kubernetesUserDetails.username
+ resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image
+ resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix
+ service.ebsVolumeScanDetails.scanId
+ service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name
+ service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity
+ service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash
+ resource.ecsClusterDetails.name
+ resource.ecsClusterDetails.taskDetails.containers.image
+ resource.ecsClusterDetails.taskDetails.definitionArn
+ resource.containerDetails.image
+ resource.rdsDbInstanceDetails.dbInstanceIdentifier
+ resource.rdsDbInstanceDetails.dbClusterIdentifier
+ resource.rdsDbInstanceDetails.engine
+ resource.rdsDbUserDetails.user
+ resource.rdsDbInstanceDetails.tags.key
+ resource.rdsDbInstanceDetails.tags.value
+ service.runtimeDetails.process.executableSha256
+ service.runtimeDetails.process.name
+ service.runtimeDetails.process.executablePath
+ resource.lambdaDetails.functionName
+ resource.lambdaDetails.functionArn
+ resource.lambdaDetails.tags.key
+ resource.lambdaDetails.tags.value
Type: [FindingCriteria](API_FindingCriteria.md) object  
Required: Yes

 ** [name](#API_CreateFilter_RequestSyntax) **   <a name="guardduty-CreateFilter-request-name"></a>
The name of the filter. Valid characters include period (.), underscore (\$1), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.  
Type: String  
Length Constraints: Minimum length of 3. Maximum length of 64.  
Required: Yes

 ** [rank](#API_CreateFilter_RequestSyntax) **   <a name="guardduty-CreateFilter-request-rank"></a>
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.  
Type: Integer  
Valid Range: Minimum value of 1. Maximum value of 100.  
Required: No

 ** [tags](#API_CreateFilter_RequestSyntax) **   <a name="guardduty-CreateFilter-request-tags"></a>
The tags to be added to a new filter resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "name": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [name](#API_CreateFilter_ResponseSyntax) **   <a name="guardduty-CreateFilter-response-name"></a>
The name of the successfully created filter.  
Type: String  
Length Constraints: Minimum length of 3. Maximum length of 64.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/CreateFilter) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/CreateFilter) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/CreateFilter) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/CreateFilter) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/CreateFilter) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/CreateFilter) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/CreateFilter) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/CreateFilter) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/CreateFilter) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/CreateFilter) 

# CreateIPSet


Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with AWS infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.

## Request Syntax


```
POST /detector/detectorId/ipset HTTP/1.1
Content-type: application/json

{
   "activate": boolean,
   "clientToken": "string",
   "expectedBucketOwner": "string",
   "format": "string",
   "location": "string",
   "name": "string",
   "tags": { 
      "string" : "string" 
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_CreateIPSet_RequestSyntax) **   <a name="guardduty-CreateIPSet-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty account for which you want to create an IPSet.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [activate](#API_CreateIPSet_RequestSyntax) **   <a name="guardduty-CreateIPSet-request-activate"></a>
A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.  
Type: Boolean  
Required: Yes

 ** [clientToken](#API_CreateIPSet_RequestSyntax) **   <a name="guardduty-CreateIPSet-request-clientToken"></a>
The idempotency token for the create request.  
Type: String  
Length Constraints: Minimum length of 0. Maximum length of 64.  
Required: No

 ** [expectedBucketOwner](#API_CreateIPSet_RequestSyntax) **   <a name="guardduty-CreateIPSet-request-expectedBucketOwner"></a>
The AWS account ID that owns the Amazon S3 bucket specified in the **location** parameter.  
Type: String  
Length Constraints: Fixed length of 12.  
Required: No

 ** [format](#API_CreateIPSet_RequestSyntax) **   <a name="guardduty-CreateIPSet-request-format"></a>
The format of the file that contains the IPSet.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE`   
Required: Yes

 ** [location](#API_CreateIPSet_RequestSyntax) **   <a name="guardduty-CreateIPSet-request-location"></a>
The URI of the file that contains the IPSet.   
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [name](#API_CreateIPSet_RequestSyntax) **   <a name="guardduty-CreateIPSet-request-name"></a>
The user-friendly name to identify the IPSet.  
 Allowed characters are alphanumeric, whitespace, dash (-), and underscores (\$1).  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [tags](#API_CreateIPSet_RequestSyntax) **   <a name="guardduty-CreateIPSet-request-tags"></a>
The tags to be added to a new IP set resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "ipSetId": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [ipSetId](#API_CreateIPSet_ResponseSyntax) **   <a name="guardduty-CreateIPSet-response-ipSetId"></a>
The ID of the IPSet resource.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
An access denied exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 403

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/CreateIPSet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/CreateIPSet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/CreateIPSet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/CreateIPSet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/CreateIPSet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/CreateIPSet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/CreateIPSet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/CreateIPSet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/CreateIPSet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/CreateIPSet) 

# CreateMalwareProtectionPlan


Creates a new Malware Protection plan for the protected resource.

When you create a Malware Protection plan, the AWS service terms for GuardDuty Malware Protection apply. For more information, see [AWS service terms for GuardDuty Malware Protection](http://aws.amazon.com/service-terms/#87._Amazon_GuardDuty).

## Request Syntax


```
POST /malware-protection-plan HTTP/1.1
Content-type: application/json

{
   "actions": { 
      "tagging": { 
         "status": "string"
      }
   },
   "clientToken": "string",
   "protectedResource": { 
      "s3Bucket": { 
         "bucketName": "string",
         "objectPrefixes": [ "string" ]
      }
   },
   "role": "string",
   "tags": { 
      "string" : "string" 
   }
}
```

## URI Request Parameters


The request does not use any URI parameters.

## Request Body


The request accepts the following data in JSON format.

 ** [actions](#API_CreateMalwareProtectionPlan_RequestSyntax) **   <a name="guardduty-CreateMalwareProtectionPlan-request-actions"></a>
Information about whether the tags will be added to the S3 object after scanning.  
Type: [MalwareProtectionPlanActions](API_MalwareProtectionPlanActions.md) object  
Required: No

 ** [clientToken](#API_CreateMalwareProtectionPlan_RequestSyntax) **   <a name="guardduty-CreateMalwareProtectionPlan-request-clientToken"></a>
The idempotency token for the create request.  
Type: String  
Length Constraints: Minimum length of 0. Maximum length of 64.  
Required: No

 ** [protectedResource](#API_CreateMalwareProtectionPlan_RequestSyntax) **   <a name="guardduty-CreateMalwareProtectionPlan-request-protectedResource"></a>
Information about the protected resource that is associated with the created Malware Protection plan. Presently, `S3Bucket` is the only supported protected resource.  
Type: [CreateProtectedResource](API_CreateProtectedResource.md) object  
Required: Yes

 ** [role](#API_CreateMalwareProtectionPlan_RequestSyntax) **   <a name="guardduty-CreateMalwareProtectionPlan-request-role"></a>
Amazon Resource Name (ARN) of the IAM role that has the permissions to scan and add tags to the associated protected resource.  
Type: String  
Required: Yes

 ** [tags](#API_CreateMalwareProtectionPlan_RequestSyntax) **   <a name="guardduty-CreateMalwareProtectionPlan-request-tags"></a>
Tags added to the Malware Protection plan resource.   
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "malwareProtectionPlanId": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [malwareProtectionPlanId](#API_CreateMalwareProtectionPlan_ResponseSyntax) **   <a name="guardduty-CreateMalwareProtectionPlan-response-malwareProtectionPlanId"></a>
A unique identifier associated with the Malware Protection plan resource.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
An access denied exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 403

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** ConflictException **   
A request conflict exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 409

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/CreateMalwareProtectionPlan) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/CreateMalwareProtectionPlan) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/CreateMalwareProtectionPlan) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/CreateMalwareProtectionPlan) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/CreateMalwareProtectionPlan) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/CreateMalwareProtectionPlan) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/CreateMalwareProtectionPlan) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/CreateMalwareProtectionPlan) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/CreateMalwareProtectionPlan) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/CreateMalwareProtectionPlan) 

# CreateMembers


Creates member accounts of the current AWS account by specifying a list of AWS account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.

As a delegated administrator, using `CreateMembers` will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account. A delegated administrator must enable GuardDuty prior to being added as a member.

When you use CreateMembers as an AWS Organizations delegated administrator, GuardDuty applies your organization's auto-enable settings to the member accounts in this request, irrespective of the accounts being new or existing members. For more information about the existing auto-enable settings for your organization, see [DescribeOrganizationConfiguration](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DescribeOrganizationConfiguration.html).

If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the [InviteMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html) API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the [DeleteMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html) API. 

When the member accounts added through AWS Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.

## Request Syntax


```
POST /detector/detectorId/member HTTP/1.1
Content-type: application/json

{
   "accountDetails": [ 
      { 
         "accountId": "string",
         "email": "string"
      }
   ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_CreateMembers_RequestSyntax) **   <a name="guardduty-CreateMembers-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty account for which you want to associate member accounts.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [accountDetails](#API_CreateMembers_RequestSyntax) **   <a name="guardduty-CreateMembers-request-accountDetails"></a>
A list of account ID and email address pairs of the accounts that you want to associate with the GuardDuty administrator account.  
Type: Array of [AccountDetail](API_AccountDetail.md) objects  
Array Members: Minimum number of 1 item. Maximum number of 50 items.  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "unprocessedAccounts": [ 
      { 
         "accountId": "string",
         "result": "string"
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [unprocessedAccounts](#API_CreateMembers_ResponseSyntax) **   <a name="guardduty-CreateMembers-response-unprocessedAccounts"></a>
A list of objects that include the `accountIds` of the unprocessed accounts and a result string that explains why each was unprocessed.  
Type: Array of [UnprocessedAccount](API_UnprocessedAccount.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/CreateMembers) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/CreateMembers) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/CreateMembers) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/CreateMembers) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/CreateMembers) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/CreateMembers) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/CreateMembers) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/CreateMembers) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/CreateMembers) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/CreateMembers) 

# CreatePublishingDestination


Creates a publishing destination where you can export your GuardDuty findings. Before you start exporting the findings, the destination resource must exist.

## Request Syntax


```
POST /detector/detectorId/publishingDestination HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "destinationProperties": { 
      "destinationArn": "string",
      "kmsKeyArn": "string"
   },
   "destinationType": "string",
   "tags": { 
      "string" : "string" 
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_CreatePublishingDestination_RequestSyntax) **   <a name="guardduty-CreatePublishingDestination-request-uri-DetectorId"></a>
The ID of the GuardDuty detector associated with the publishing destination.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [clientToken](#API_CreatePublishingDestination_RequestSyntax) **   <a name="guardduty-CreatePublishingDestination-request-clientToken"></a>
The idempotency token for the request.  
Type: String  
Length Constraints: Minimum length of 0. Maximum length of 64.  
Required: No

 ** [destinationProperties](#API_CreatePublishingDestination_RequestSyntax) **   <a name="guardduty-CreatePublishingDestination-request-destinationProperties"></a>
The properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption.  
Type: [DestinationProperties](API_DestinationProperties.md) object  
Required: Yes

 ** [destinationType](#API_CreatePublishingDestination_RequestSyntax) **   <a name="guardduty-CreatePublishingDestination-request-destinationType"></a>
The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `S3`   
Required: Yes

 ** [tags](#API_CreatePublishingDestination_RequestSyntax) **   <a name="guardduty-CreatePublishingDestination-request-tags"></a>
The tags to be added to a new publishing destination resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "destinationId": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [destinationId](#API_CreatePublishingDestination_ResponseSyntax) **   <a name="guardduty-CreatePublishingDestination-response-destinationId"></a>
The ID of the publishing destination that is created.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/CreatePublishingDestination) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/CreatePublishingDestination) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/CreatePublishingDestination) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/CreatePublishingDestination) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/CreatePublishingDestination) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/CreatePublishingDestination) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/CreatePublishingDestination) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/CreatePublishingDestination) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/CreatePublishingDestination) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/CreatePublishingDestination) 

# CreateSampleFindings


Generates sample findings of types specified by the list of finding types. If 'NULL' is specified for `findingTypes`, the API generates sample findings of all supported finding types.

## Request Syntax


```
POST /detector/detectorId/findings/create HTTP/1.1
Content-type: application/json

{
   "findingTypes": [ "string" ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_CreateSampleFindings_RequestSyntax) **   <a name="guardduty-CreateSampleFindings-request-uri-DetectorId"></a>
The ID of the detector for which you need to create sample findings.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [findingTypes](#API_CreateSampleFindings_RequestSyntax) **   <a name="guardduty-CreateSampleFindings-request-findingTypes"></a>
The types of sample findings to generate.  
Type: Array of strings  
Array Members: Minimum number of 0 items. Maximum number of 50 items.  
Length Constraints: Minimum length of 1. Maximum length of 50.  
Required: No

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/CreateSampleFindings) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/CreateSampleFindings) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/CreateSampleFindings) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/CreateSampleFindings) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/CreateSampleFindings) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/CreateSampleFindings) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/CreateSampleFindings) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/CreateSampleFindings) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/CreateSampleFindings) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/CreateSampleFindings) 

# CreateThreatEntitySet


Creates a new threat entity set. In a threat entity set, you can provide known malicious IP addresses and domains for your AWS environment. GuardDuty generates findings based on the entries in the threat entity sets. Only users of the administrator account can manage entity sets, which automatically apply to member accounts.

## Request Syntax


```
POST /detector/detectorId/threatentityset HTTP/1.1
Content-type: application/json

{
   "activate": boolean,
   "clientToken": "string",
   "expectedBucketOwner": "string",
   "format": "string",
   "location": "string",
   "name": "string",
   "tags": { 
      "string" : "string" 
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_CreateThreatEntitySet_RequestSyntax) **   <a name="guardduty-CreateThreatEntitySet-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty account for which you want to create a threat entity set.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [activate](#API_CreateThreatEntitySet_RequestSyntax) **   <a name="guardduty-CreateThreatEntitySet-request-activate"></a>
A boolean value that indicates whether GuardDuty should start using the uploaded threat entity set to generate findings.  
Type: Boolean  
Required: Yes

 ** [clientToken](#API_CreateThreatEntitySet_RequestSyntax) **   <a name="guardduty-CreateThreatEntitySet-request-clientToken"></a>
The idempotency token for the create request.  
Type: String  
Length Constraints: Minimum length of 0. Maximum length of 64.  
Required: No

 ** [expectedBucketOwner](#API_CreateThreatEntitySet_RequestSyntax) **   <a name="guardduty-CreateThreatEntitySet-request-expectedBucketOwner"></a>
The AWS account ID that owns the Amazon S3 bucket specified in the **location** parameter.  
Type: String  
Length Constraints: Fixed length of 12.  
Pattern: `^[0-9]+$`   
Required: No

 ** [format](#API_CreateThreatEntitySet_RequestSyntax) **   <a name="guardduty-CreateThreatEntitySet-request-format"></a>
The format of the file that contains the threat entity set.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE`   
Required: Yes

 ** [location](#API_CreateThreatEntitySet_RequestSyntax) **   <a name="guardduty-CreateThreatEntitySet-request-location"></a>
The URI of the file that contains the threat entity set. The format of the `Location` URL must be a valid Amazon S3 URL format. Invalid URL formats will result in an error, regardless of whether you activate the entity set or not. For more information about format of the location URLs, see [Format of location URL under Step 2: Adding trusted or threat intelligence data](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-lists-create-activate.html) in the *Amazon GuardDuty User Guide*.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [name](#API_CreateThreatEntitySet_RequestSyntax) **   <a name="guardduty-CreateThreatEntitySet-request-name"></a>
A user-friendly name to identify the threat entity set.  
The name of your list can include lowercase letters, uppercase letters, numbers, dash (-), and underscore (\$1).  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [tags](#API_CreateThreatEntitySet_RequestSyntax) **   <a name="guardduty-CreateThreatEntitySet-request-tags"></a>
The tags to be added to a new threat entity set resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "threatEntitySetId": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [threatEntitySetId](#API_CreateThreatEntitySet_ResponseSyntax) **   <a name="guardduty-CreateThreatEntitySet-response-threatEntitySetId"></a>
The ID returned by GuardDuty after creation of the threat entity set resource.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/CreateThreatEntitySet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/CreateThreatEntitySet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/CreateThreatEntitySet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/CreateThreatEntitySet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/CreateThreatEntitySet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/CreateThreatEntitySet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/CreateThreatEntitySet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/CreateThreatEntitySet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/CreateThreatEntitySet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/CreateThreatEntitySet) 

# CreateThreatIntelSet


Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.

## Request Syntax


```
POST /detector/detectorId/threatintelset HTTP/1.1
Content-type: application/json

{
   "activate": boolean,
   "clientToken": "string",
   "expectedBucketOwner": "string",
   "format": "string",
   "location": "string",
   "name": "string",
   "tags": { 
      "string" : "string" 
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_CreateThreatIntelSet_RequestSyntax) **   <a name="guardduty-CreateThreatIntelSet-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty account for which you want to create a `threatIntelSet`.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [activate](#API_CreateThreatIntelSet_RequestSyntax) **   <a name="guardduty-CreateThreatIntelSet-request-activate"></a>
A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.  
Type: Boolean  
Required: Yes

 ** [clientToken](#API_CreateThreatIntelSet_RequestSyntax) **   <a name="guardduty-CreateThreatIntelSet-request-clientToken"></a>
The idempotency token for the create request.  
Type: String  
Length Constraints: Minimum length of 0. Maximum length of 64.  
Required: No

 ** [expectedBucketOwner](#API_CreateThreatIntelSet_RequestSyntax) **   <a name="guardduty-CreateThreatIntelSet-request-expectedBucketOwner"></a>
The AWS account ID that owns the Amazon S3 bucket specified in the **location** parameter.  
Type: String  
Length Constraints: Fixed length of 12.  
Required: No

 ** [format](#API_CreateThreatIntelSet_RequestSyntax) **   <a name="guardduty-CreateThreatIntelSet-request-format"></a>
The format of the file that contains the ThreatIntelSet.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE`   
Required: Yes

 ** [location](#API_CreateThreatIntelSet_RequestSyntax) **   <a name="guardduty-CreateThreatIntelSet-request-location"></a>
The URI of the file that contains the ThreatIntelSet.   
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [name](#API_CreateThreatIntelSet_RequestSyntax) **   <a name="guardduty-CreateThreatIntelSet-request-name"></a>
A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [tags](#API_CreateThreatIntelSet_RequestSyntax) **   <a name="guardduty-CreateThreatIntelSet-request-tags"></a>
The tags to be added to a new threat list resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "threatIntelSetId": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [threatIntelSetId](#API_CreateThreatIntelSet_ResponseSyntax) **   <a name="guardduty-CreateThreatIntelSet-response-threatIntelSetId"></a>
The ID of the ThreatIntelSet resource.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
An access denied exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 403

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/CreateThreatIntelSet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/CreateThreatIntelSet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/CreateThreatIntelSet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/CreateThreatIntelSet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/CreateThreatIntelSet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/CreateThreatIntelSet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/CreateThreatIntelSet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/CreateThreatIntelSet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/CreateThreatIntelSet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/CreateThreatIntelSet) 

# CreateTrustedEntitySet


Creates a new trusted entity set. In the trusted entity set, you can provide IP addresses and domains that you believe are secure for communication in your AWS environment. GuardDuty will not generate findings for the entries that are specified in a trusted entity set. At any given time, you can have only one trusted entity set. 

Only users of the administrator account can manage the entity sets, which automatically apply to member accounts.

## Request Syntax


```
POST /detector/detectorId/trustedentityset HTTP/1.1
Content-type: application/json

{
   "activate": boolean,
   "clientToken": "string",
   "expectedBucketOwner": "string",
   "format": "string",
   "location": "string",
   "name": "string",
   "tags": { 
      "string" : "string" 
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_CreateTrustedEntitySet_RequestSyntax) **   <a name="guardduty-CreateTrustedEntitySet-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty account for which you want to create a trusted entity set.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [activate](#API_CreateTrustedEntitySet_RequestSyntax) **   <a name="guardduty-CreateTrustedEntitySet-request-activate"></a>
A boolean value that indicates whether GuardDuty is to start using the uploaded trusted entity set.  
Type: Boolean  
Required: Yes

 ** [clientToken](#API_CreateTrustedEntitySet_RequestSyntax) **   <a name="guardduty-CreateTrustedEntitySet-request-clientToken"></a>
The idempotency token for the create request.  
Type: String  
Length Constraints: Minimum length of 0. Maximum length of 64.  
Required: No

 ** [expectedBucketOwner](#API_CreateTrustedEntitySet_RequestSyntax) **   <a name="guardduty-CreateTrustedEntitySet-request-expectedBucketOwner"></a>
The AWS account ID that owns the Amazon S3 bucket specified in the **location** parameter.  
Type: String  
Length Constraints: Fixed length of 12.  
Pattern: `^[0-9]+$`   
Required: No

 ** [format](#API_CreateTrustedEntitySet_RequestSyntax) **   <a name="guardduty-CreateTrustedEntitySet-request-format"></a>
The format of the file that contains the trusted entity set.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE`   
Required: Yes

 ** [location](#API_CreateTrustedEntitySet_RequestSyntax) **   <a name="guardduty-CreateTrustedEntitySet-request-location"></a>
The URI of the file that contains the threat entity set. The format of the `Location` URL must be a valid Amazon S3 URL format. Invalid URL formats will result in an error, regardless of whether you activate the entity set or not. For more information about format of the location URLs, see [Format of location URL under Step 2: Adding trusted or threat intelligence data](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-lists-create-activate.html) in the *Amazon GuardDuty User Guide*.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [name](#API_CreateTrustedEntitySet_RequestSyntax) **   <a name="guardduty-CreateTrustedEntitySet-request-name"></a>
A user-friendly name to identify the trusted entity set.  
The name of your list can include lowercase letters, uppercase letters, numbers, dash (-), and underscore (\$1).  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [tags](#API_CreateTrustedEntitySet_RequestSyntax) **   <a name="guardduty-CreateTrustedEntitySet-request-tags"></a>
The tags to be added to a new trusted entity set resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "trustedEntitySetId": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [trustedEntitySetId](#API_CreateTrustedEntitySet_ResponseSyntax) **   <a name="guardduty-CreateTrustedEntitySet-response-trustedEntitySetId"></a>
The ID returned by GuardDuty after creation of the trusted entity set resource.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/CreateTrustedEntitySet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/CreateTrustedEntitySet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/CreateTrustedEntitySet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/CreateTrustedEntitySet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/CreateTrustedEntitySet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/CreateTrustedEntitySet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/CreateTrustedEntitySet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/CreateTrustedEntitySet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/CreateTrustedEntitySet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/CreateTrustedEntitySet) 

# DeclineInvitations


Declines invitations sent to the current member account by AWS accounts specified by their account IDs.

## Request Syntax


```
POST /invitation/decline HTTP/1.1
Content-type: application/json

{
   "accountIds": [ "string" ]
}
```

## URI Request Parameters


The request does not use any URI parameters.

## Request Body


The request accepts the following data in JSON format.

 ** [accountIds](#API_DeclineInvitations_RequestSyntax) **   <a name="guardduty-DeclineInvitations-request-accountIds"></a>
A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from.  
Type: Array of strings  
Array Members: Minimum number of 1 item. Maximum number of 50 items.  
Length Constraints: Fixed length of 12.  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "unprocessedAccounts": [ 
      { 
         "accountId": "string",
         "result": "string"
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [unprocessedAccounts](#API_DeclineInvitations_ResponseSyntax) **   <a name="guardduty-DeclineInvitations-response-unprocessedAccounts"></a>
A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.  
Type: Array of [UnprocessedAccount](API_UnprocessedAccount.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DeclineInvitations) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DeclineInvitations) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DeclineInvitations) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DeclineInvitations) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DeclineInvitations) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DeclineInvitations) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DeclineInvitations) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DeclineInvitations) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DeclineInvitations) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DeclineInvitations) 

# DeleteDetector


Deletes an Amazon GuardDuty detector that is specified by the detector ID.

## Request Syntax


```
DELETE /detector/detectorId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_DeleteDetector_RequestSyntax) **   <a name="guardduty-DeleteDetector-request-uri-DetectorId"></a>
The unique ID of the detector that you want to delete.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DeleteDetector) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DeleteDetector) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DeleteDetector) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DeleteDetector) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DeleteDetector) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DeleteDetector) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DeleteDetector) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DeleteDetector) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DeleteDetector) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DeleteDetector) 

# DeleteFilter


Deletes the filter specified by the filter name.

## Request Syntax


```
DELETE /detector/detectorId/filter/filterName HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_DeleteFilter_RequestSyntax) **   <a name="guardduty-DeleteFilter-request-uri-DetectorId"></a>
The unique ID of the detector that is associated with the filter.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [filterName](#API_DeleteFilter_RequestSyntax) **   <a name="guardduty-DeleteFilter-request-uri-FilterName"></a>
The name of the filter that you want to delete.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DeleteFilter) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DeleteFilter) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DeleteFilter) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DeleteFilter) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DeleteFilter) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DeleteFilter) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DeleteFilter) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DeleteFilter) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DeleteFilter) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DeleteFilter) 

# DeleteInvitations


Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.

## Request Syntax


```
POST /invitation/delete HTTP/1.1
Content-type: application/json

{
   "accountIds": [ "string" ]
}
```

## URI Request Parameters


The request does not use any URI parameters.

## Request Body


The request accepts the following data in JSON format.

 ** [accountIds](#API_DeleteInvitations_RequestSyntax) **   <a name="guardduty-DeleteInvitations-request-accountIds"></a>
A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from.  
Type: Array of strings  
Array Members: Minimum number of 1 item. Maximum number of 50 items.  
Length Constraints: Fixed length of 12.  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "unprocessedAccounts": [ 
      { 
         "accountId": "string",
         "result": "string"
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [unprocessedAccounts](#API_DeleteInvitations_ResponseSyntax) **   <a name="guardduty-DeleteInvitations-response-unprocessedAccounts"></a>
A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.  
Type: Array of [UnprocessedAccount](API_UnprocessedAccount.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DeleteInvitations) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DeleteInvitations) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DeleteInvitations) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DeleteInvitations) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DeleteInvitations) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DeleteInvitations) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DeleteInvitations) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DeleteInvitations) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DeleteInvitations) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DeleteInvitations) 

# DeleteIPSet


Deletes the IPSet specified by the `ipSetId`. IPSets are called trusted IP lists in the console user interface.

## Request Syntax


```
DELETE /detector/detectorId/ipset/ipSetId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_DeleteIPSet_RequestSyntax) **   <a name="guardduty-DeleteIPSet-request-uri-DetectorId"></a>
The unique ID of the detector associated with the IPSet.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [ipSetId](#API_DeleteIPSet_RequestSyntax) **   <a name="guardduty-DeleteIPSet-request-uri-IpSetId"></a>
The unique ID of the IPSet to delete.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DeleteIPSet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DeleteIPSet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DeleteIPSet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DeleteIPSet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DeleteIPSet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DeleteIPSet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DeleteIPSet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DeleteIPSet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DeleteIPSet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DeleteIPSet) 

# DeleteMalwareProtectionPlan


Deletes the Malware Protection plan ID associated with the Malware Protection plan resource. Use this API only when you no longer want to protect the resource associated with this Malware Protection plan ID.

## Request Syntax


```
DELETE /malware-protection-plan/malwareProtectionPlanId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [malwareProtectionPlanId](#API_DeleteMalwareProtectionPlan_RequestSyntax) **   <a name="guardduty-DeleteMalwareProtectionPlan-request-uri-MalwareProtectionPlanId"></a>
A unique identifier associated with Malware Protection plan resource.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
An access denied exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 403

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
The requested resource can't be found.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 404

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DeleteMalwareProtectionPlan) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DeleteMalwareProtectionPlan) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DeleteMalwareProtectionPlan) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DeleteMalwareProtectionPlan) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DeleteMalwareProtectionPlan) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DeleteMalwareProtectionPlan) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DeleteMalwareProtectionPlan) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DeleteMalwareProtectionPlan) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DeleteMalwareProtectionPlan) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DeleteMalwareProtectionPlan) 

# DeleteMembers


Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.

With `autoEnableOrganizationMembers` configuration for your organization set to `ALL`, you'll receive an error if you attempt to disable GuardDuty for a member account in your organization.

## Request Syntax


```
POST /detector/detectorId/member/delete HTTP/1.1
Content-type: application/json

{
   "accountIds": [ "string" ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_DeleteMembers_RequestSyntax) **   <a name="guardduty-DeleteMembers-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty account whose members you want to delete.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [accountIds](#API_DeleteMembers_RequestSyntax) **   <a name="guardduty-DeleteMembers-request-accountIds"></a>
A list of account IDs of the GuardDuty member accounts that you want to delete.  
Type: Array of strings  
Array Members: Minimum number of 1 item. Maximum number of 50 items.  
Length Constraints: Fixed length of 12.  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "unprocessedAccounts": [ 
      { 
         "accountId": "string",
         "result": "string"
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [unprocessedAccounts](#API_DeleteMembers_ResponseSyntax) **   <a name="guardduty-DeleteMembers-response-unprocessedAccounts"></a>
The accounts that could not be processed.  
Type: Array of [UnprocessedAccount](API_UnprocessedAccount.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DeleteMembers) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DeleteMembers) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DeleteMembers) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DeleteMembers) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DeleteMembers) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DeleteMembers) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DeleteMembers) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DeleteMembers) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DeleteMembers) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DeleteMembers) 

# DeletePublishingDestination


Deletes the publishing definition with the specified `destinationId`.

## Request Syntax


```
DELETE /detector/detectorId/publishingDestination/destinationId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [destinationId](#API_DeletePublishingDestination_RequestSyntax) **   <a name="guardduty-DeletePublishingDestination-request-uri-DestinationId"></a>
The ID of the publishing destination to delete.  
Required: Yes

 ** [detectorId](#API_DeletePublishingDestination_RequestSyntax) **   <a name="guardduty-DeletePublishingDestination-request-uri-DetectorId"></a>
The unique ID of the detector associated with the publishing destination to delete.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DeletePublishingDestination) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DeletePublishingDestination) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DeletePublishingDestination) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DeletePublishingDestination) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DeletePublishingDestination) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DeletePublishingDestination) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DeletePublishingDestination) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DeletePublishingDestination) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DeletePublishingDestination) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DeletePublishingDestination) 

# DeleteThreatEntitySet


Deletes the threat entity set that is associated with the specified `threatEntitySetId`.

## Request Syntax


```
DELETE /detector/detectorId/threatentityset/threatEntitySetId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_DeleteThreatEntitySet_RequestSyntax) **   <a name="guardduty-DeleteThreatEntitySet-request-uri-DetectorId"></a>
The unique ID of the detector associated with the threat entity set resource.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [threatEntitySetId](#API_DeleteThreatEntitySet_RequestSyntax) **   <a name="guardduty-DeleteThreatEntitySet-request-uri-ThreatEntitySetId"></a>
The unique ID that helps GuardDuty identify which threat entity set needs to be deleted.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DeleteThreatEntitySet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DeleteThreatEntitySet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DeleteThreatEntitySet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DeleteThreatEntitySet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DeleteThreatEntitySet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DeleteThreatEntitySet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DeleteThreatEntitySet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DeleteThreatEntitySet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DeleteThreatEntitySet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DeleteThreatEntitySet) 

# DeleteThreatIntelSet


Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.

## Request Syntax


```
DELETE /detector/detectorId/threatintelset/threatIntelSetId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_DeleteThreatIntelSet_RequestSyntax) **   <a name="guardduty-DeleteThreatIntelSet-request-uri-DetectorId"></a>
The unique ID of the detector that is associated with the threatIntelSet.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [threatIntelSetId](#API_DeleteThreatIntelSet_RequestSyntax) **   <a name="guardduty-DeleteThreatIntelSet-request-uri-ThreatIntelSetId"></a>
The unique ID of the threatIntelSet that you want to delete.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DeleteThreatIntelSet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DeleteThreatIntelSet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DeleteThreatIntelSet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DeleteThreatIntelSet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DeleteThreatIntelSet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DeleteThreatIntelSet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DeleteThreatIntelSet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DeleteThreatIntelSet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DeleteThreatIntelSet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DeleteThreatIntelSet) 

# DeleteTrustedEntitySet


Deletes the trusted entity set that is associated with the specified `trustedEntitySetId`.

## Request Syntax


```
DELETE /detector/detectorId/trustedentityset/trustedEntitySetId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_DeleteTrustedEntitySet_RequestSyntax) **   <a name="guardduty-DeleteTrustedEntitySet-request-uri-DetectorId"></a>
The unique ID of the detector associated with the trusted entity set resource.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [trustedEntitySetId](#API_DeleteTrustedEntitySet_RequestSyntax) **   <a name="guardduty-DeleteTrustedEntitySet-request-uri-TrustedEntitySetId"></a>
The unique ID that helps GuardDuty identify which trusted entity set needs to be deleted.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DeleteTrustedEntitySet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DeleteTrustedEntitySet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DeleteTrustedEntitySet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DeleteTrustedEntitySet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DeleteTrustedEntitySet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DeleteTrustedEntitySet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DeleteTrustedEntitySet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DeleteTrustedEntitySet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DeleteTrustedEntitySet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DeleteTrustedEntitySet) 

# DescribeMalwareScans


Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all the member accounts.

There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).

## Request Syntax


```
POST /detector/detectorId/malware-scans HTTP/1.1
Content-type: application/json

{
   "filterCriteria": { 
      "filterCriterion": [ 
         { 
            "criterionKey": "string",
            "filterCondition": { 
               "equalsValue": "string",
               "greaterThan": number,
               "lessThan": number
            }
         }
      ]
   },
   "maxResults": number,
   "nextToken": "string",
   "sortCriteria": { 
      "attributeName": "string",
      "orderBy": "string"
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_DescribeMalwareScans_RequestSyntax) **   <a name="guardduty-DescribeMalwareScans-request-uri-DetectorId"></a>
The unique ID of the detector that the request is associated with.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [filterCriteria](#API_DescribeMalwareScans_RequestSyntax) **   <a name="guardduty-DescribeMalwareScans-request-filterCriteria"></a>
Represents the criteria to be used in the filter for describing scan entries.  
Type: [FilterCriteria](API_FilterCriteria.md) object  
Required: No

 ** [maxResults](#API_DescribeMalwareScans_RequestSyntax) **   <a name="guardduty-DescribeMalwareScans-request-maxResults"></a>
You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.  
Type: Integer  
Valid Range: Minimum value of 1. Maximum value of 50.  
Required: No

 ** [nextToken](#API_DescribeMalwareScans_RequestSyntax) **   <a name="guardduty-DescribeMalwareScans-request-nextToken"></a>
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.  
Type: String  
Required: No

 ** [sortCriteria](#API_DescribeMalwareScans_RequestSyntax) **   <a name="guardduty-DescribeMalwareScans-request-sortCriteria"></a>
Represents the criteria used for sorting scan entries. The [https://docs.aws.amazon.com/guardduty/latest/APIReference/API_SortCriteria.html#guardduty-Type-SortCriteria-attributeName](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_SortCriteria.html#guardduty-Type-SortCriteria-attributeName) is required and it must be `scanStartTime`.  
Type: [SortCriteria](API_SortCriteria.md) object  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "nextToken": "string",
   "scans": [ 
      { 
         "accountId": "string",
         "adminDetectorId": "string",
         "attachedVolumes": [ 
            { 
               "deviceName": "string",
               "encryptionType": "string",
               "kmsKeyArn": "string",
               "snapshotArn": "string",
               "volumeArn": "string",
               "volumeSizeInGB": number,
               "volumeType": "string"
            }
         ],
         "detectorId": "string",
         "failureReason": "string",
         "fileCount": number,
         "resourceDetails": { 
            "instanceArn": "string"
         },
         "scanEndTime": number,
         "scanId": "string",
         "scanResultDetails": { 
            "scanResult": "string"
         },
         "scanStartTime": number,
         "scanStatus": "string",
         "scanType": "string",
         "totalBytes": number,
         "triggerDetails": { 
            "description": "string",
            "guardDutyFindingId": "string",
            "triggerType": "string"
         }
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [nextToken](#API_DescribeMalwareScans_ResponseSyntax) **   <a name="guardduty-DescribeMalwareScans-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
Type: String

 ** [scans](#API_DescribeMalwareScans_ResponseSyntax) **   <a name="guardduty-DescribeMalwareScans-response-scans"></a>
Contains information about malware scans associated with GuardDuty Malware Protection for EC2.  
Type: Array of [Scan](API_Scan.md) objects

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DescribeMalwareScans) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DescribeMalwareScans) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DescribeMalwareScans) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DescribeMalwareScans) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DescribeMalwareScans) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DescribeMalwareScans) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DescribeMalwareScans) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DescribeMalwareScans) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DescribeMalwareScans) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DescribeMalwareScans) 

# DescribeOrganizationConfiguration


Returns information about the account selected as the delegated administrator for GuardDuty.

There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).

## Request Syntax


```
GET /detector/detectorId/admin?maxResults=MaxResults&nextToken=NextToken HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_DescribeOrganizationConfiguration_RequestSyntax) **   <a name="guardduty-DescribeOrganizationConfiguration-request-uri-DetectorId"></a>
The detector ID of the delegated administrator for which you need to retrieve the information.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [MaxResults](#API_DescribeOrganizationConfiguration_RequestSyntax) **   <a name="guardduty-DescribeOrganizationConfiguration-request-uri-MaxResults"></a>
You can use this parameter to indicate the maximum number of items that you want in the response.  
Valid Range: Minimum value of 1. Maximum value of 50.

 ** [NextToken](#API_DescribeOrganizationConfiguration_RequestSyntax) **   <a name="guardduty-DescribeOrganizationConfiguration-request-uri-NextToken"></a>
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill `nextToken` in the request with the value of `NextToken` from the previous response to continue listing data.

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "autoEnable": boolean,
   "autoEnableOrganizationMembers": "string",
   "dataSources": { 
      "kubernetes": { 
         "auditLogs": { 
            "autoEnable": boolean
         }
      },
      "malwareProtection": { 
         "scanEc2InstanceWithFindings": { 
            "ebsVolumes": { 
               "autoEnable": boolean
            }
         }
      },
      "s3Logs": { 
         "autoEnable": boolean
      }
   },
   "features": [ 
      { 
         "additionalConfiguration": [ 
            { 
               "autoEnable": "string",
               "name": "string"
            }
         ],
         "autoEnable": "string",
         "name": "string"
      }
   ],
   "memberAccountLimitReached": boolean,
   "nextToken": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [autoEnable](#API_DescribeOrganizationConfiguration_ResponseSyntax) **   <a name="guardduty-DescribeOrganizationConfiguration-response-autoEnable"></a>
 *This parameter has been deprecated.*   
Indicates whether GuardDuty is automatically enabled for accounts added to the organization.  
Even though this is still supported, we recommend using `AutoEnableOrganizationMembers` to achieve the similar results.  
Type: Boolean

 ** [autoEnableOrganizationMembers](#API_DescribeOrganizationConfiguration_ResponseSyntax) **   <a name="guardduty-DescribeOrganizationConfiguration-response-autoEnableOrganizationMembers"></a>
Indicates the auto-enablement configuration of GuardDuty or any of the corresponding protection plans for the member accounts in the organization.  
+  `NEW`: Indicates that when a new account joins the organization, they will have GuardDuty or any of the corresponding protection plans enabled automatically. 
+  `ALL`: Indicates that all accounts in the organization have GuardDuty and any of the corresponding protection plans enabled automatically. This includes `NEW` accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty.
+  `NONE`: Indicates that GuardDuty or any of the corresponding protection plans will not be automatically enabled for any account in the organization. The administrator must manage GuardDuty for each account in the organization individually.

  When you update the auto-enable setting from `ALL` or `NEW` to `NONE`, this action doesn't disable the corresponding option for your existing accounts. This configuration will apply to the new accounts that join the organization. After you update the auto-enable settings, no new account will have the corresponding option as enabled.
Type: String  
Valid Values: `NEW | ALL | NONE` 

 ** [dataSources](#API_DescribeOrganizationConfiguration_ResponseSyntax) **   <a name="guardduty-DescribeOrganizationConfiguration-response-dataSources"></a>
 *This parameter has been deprecated.*   
Describes which data sources are enabled automatically for member accounts.  
Type: [OrganizationDataSourceConfigurationsResult](API_OrganizationDataSourceConfigurationsResult.md) object

 ** [features](#API_DescribeOrganizationConfiguration_ResponseSyntax) **   <a name="guardduty-DescribeOrganizationConfiguration-response-features"></a>
A list of features that are configured for this organization.  
Type: Array of [OrganizationFeatureConfigurationResult](API_OrganizationFeatureConfigurationResult.md) objects

 ** [memberAccountLimitReached](#API_DescribeOrganizationConfiguration_ResponseSyntax) **   <a name="guardduty-DescribeOrganizationConfiguration-response-memberAccountLimitReached"></a>
Indicates whether the maximum number of allowed member accounts are already associated with the delegated administrator account for your organization.  
Type: Boolean

 ** [nextToken](#API_DescribeOrganizationConfiguration_ResponseSyntax) **   <a name="guardduty-DescribeOrganizationConfiguration-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DescribeOrganizationConfiguration) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DescribeOrganizationConfiguration) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DescribeOrganizationConfiguration) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DescribeOrganizationConfiguration) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DescribeOrganizationConfiguration) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DescribeOrganizationConfiguration) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DescribeOrganizationConfiguration) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DescribeOrganizationConfiguration) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DescribeOrganizationConfiguration) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DescribeOrganizationConfiguration) 

# DescribePublishingDestination


Returns information about the publishing destination specified by the provided `destinationId`.

## Request Syntax


```
GET /detector/detectorId/publishingDestination/destinationId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [destinationId](#API_DescribePublishingDestination_RequestSyntax) **   <a name="guardduty-DescribePublishingDestination-request-uri-DestinationId"></a>
The ID of the publishing destination to retrieve.  
Required: Yes

 ** [detectorId](#API_DescribePublishingDestination_RequestSyntax) **   <a name="guardduty-DescribePublishingDestination-request-uri-DetectorId"></a>
The unique ID of the detector associated with the publishing destination to retrieve.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "destinationId": "string",
   "destinationProperties": { 
      "destinationArn": "string",
      "kmsKeyArn": "string"
   },
   "destinationType": "string",
   "publishingFailureStartTimestamp": number,
   "status": "string",
   "tags": { 
      "string" : "string" 
   }
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [destinationId](#API_DescribePublishingDestination_ResponseSyntax) **   <a name="guardduty-DescribePublishingDestination-response-destinationId"></a>
The ID of the publishing destination.  
Type: String

 ** [destinationProperties](#API_DescribePublishingDestination_ResponseSyntax) **   <a name="guardduty-DescribePublishingDestination-response-destinationProperties"></a>
A `DestinationProperties` object that includes the `DestinationArn` and `KmsKeyArn` of the publishing destination.  
Type: [DestinationProperties](API_DestinationProperties.md) object

 ** [destinationType](#API_DescribePublishingDestination_ResponseSyntax) **   <a name="guardduty-DescribePublishingDestination-response-destinationType"></a>
The type of publishing destination. Currently, only Amazon S3 buckets are supported.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `S3` 

 ** [publishingFailureStartTimestamp](#API_DescribePublishingDestination_ResponseSyntax) **   <a name="guardduty-DescribePublishingDestination-response-publishingFailureStartTimestamp"></a>
The time, in epoch millisecond format, at which GuardDuty was first unable to publish findings to the destination.  
Type: Long

 ** [status](#API_DescribePublishingDestination_ResponseSyntax) **   <a name="guardduty-DescribePublishingDestination-response-status"></a>
The status of the publishing destination.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `PENDING_VERIFICATION | PUBLISHING | UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY | STOPPED` 

 ** [tags](#API_DescribePublishingDestination_ResponseSyntax) **   <a name="guardduty-DescribePublishingDestination-response-tags"></a>
The tags of the publishing destination resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DescribePublishingDestination) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DescribePublishingDestination) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DescribePublishingDestination) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DescribePublishingDestination) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DescribePublishingDestination) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DescribePublishingDestination) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DescribePublishingDestination) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DescribePublishingDestination) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DescribePublishingDestination) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DescribePublishingDestination) 

# DisableOrganizationAdminAccount


Removes the existing GuardDuty delegated administrator of the organization. Only the organization's management account can run this API operation.

## Request Syntax


```
POST /admin/disable HTTP/1.1
Content-type: application/json

{
   "adminAccountId": "string"
}
```

## URI Request Parameters


The request does not use any URI parameters.

## Request Body


The request accepts the following data in JSON format.

 ** [adminAccountId](#API_DisableOrganizationAdminAccount_RequestSyntax) **   <a name="guardduty-DisableOrganizationAdminAccount-request-adminAccountId"></a>
The AWS Account ID for the organizations account to be disabled as a GuardDuty delegated administrator.  
Type: String  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DisableOrganizationAdminAccount) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DisableOrganizationAdminAccount) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DisableOrganizationAdminAccount) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DisableOrganizationAdminAccount) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DisableOrganizationAdminAccount) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DisableOrganizationAdminAccount) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DisableOrganizationAdminAccount) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DisableOrganizationAdminAccount) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DisableOrganizationAdminAccount) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DisableOrganizationAdminAccount) 

# DisassociateFromAdministratorAccount


Disassociates the current GuardDuty member account from its administrator account.

When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the [CreateMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html) API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the [InviteMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html) API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the [DeleteMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html) API. 

With `autoEnableOrganizationMembers` configuration for your organization set to `ALL`, you'll receive an error if you attempt to disable GuardDuty in a member account.

## Request Syntax


```
POST /detector/detectorId/administrator/disassociate HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_DisassociateFromAdministratorAccount_RequestSyntax) **   <a name="guardduty-DisassociateFromAdministratorAccount-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty member account.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DisassociateFromAdministratorAccount) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DisassociateFromAdministratorAccount) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DisassociateFromAdministratorAccount) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DisassociateFromAdministratorAccount) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DisassociateFromAdministratorAccount) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DisassociateFromAdministratorAccount) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DisassociateFromAdministratorAccount) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DisassociateFromAdministratorAccount) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DisassociateFromAdministratorAccount) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DisassociateFromAdministratorAccount) 

# DisassociateFromMasterAccount


 *This action has been deprecated.* 

Disassociates the current GuardDuty member account from its administrator account.

When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the [CreateMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html) API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the [InviteMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html) API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the [DeleteMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html) API.

## Request Syntax


```
POST /detector/detectorId/master/disassociate HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_DisassociateFromMasterAccount_RequestSyntax) **   <a name="guardduty-DisassociateFromMasterAccount-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty member account.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DisassociateFromMasterAccount) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DisassociateFromMasterAccount) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DisassociateFromMasterAccount) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DisassociateFromMasterAccount) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DisassociateFromMasterAccount) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DisassociateFromMasterAccount) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DisassociateFromMasterAccount) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DisassociateFromMasterAccount) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DisassociateFromMasterAccount) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DisassociateFromMasterAccount) 

# DisassociateMembers


Disassociates GuardDuty member accounts (from the current administrator account) specified by the account IDs.

When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the [CreateMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html) API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the [InviteMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html) API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the [DeleteMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html) API. 

With `autoEnableOrganizationMembers` configuration for your organization set to `ALL`, you'll receive an error if you attempt to disassociate a member account before removing them from your organization.

If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the [InviteMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html) API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the [DeleteMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html) API. 

When the member accounts added through AWS Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.

## Request Syntax


```
POST /detector/detectorId/member/disassociate HTTP/1.1
Content-type: application/json

{
   "accountIds": [ "string" ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_DisassociateMembers_RequestSyntax) **   <a name="guardduty-DisassociateMembers-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty account whose members you want to disassociate from the administrator account.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [accountIds](#API_DisassociateMembers_RequestSyntax) **   <a name="guardduty-DisassociateMembers-request-accountIds"></a>
A list of account IDs of the GuardDuty member accounts that you want to disassociate from the administrator account.  
Type: Array of strings  
Array Members: Minimum number of 1 item. Maximum number of 50 items.  
Length Constraints: Fixed length of 12.  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "unprocessedAccounts": [ 
      { 
         "accountId": "string",
         "result": "string"
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [unprocessedAccounts](#API_DisassociateMembers_ResponseSyntax) **   <a name="guardduty-DisassociateMembers-response-unprocessedAccounts"></a>
A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.  
Type: Array of [UnprocessedAccount](API_UnprocessedAccount.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/DisassociateMembers) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/DisassociateMembers) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/DisassociateMembers) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/DisassociateMembers) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/DisassociateMembers) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/DisassociateMembers) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/DisassociateMembers) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/DisassociateMembers) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/DisassociateMembers) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/DisassociateMembers) 

# EnableOrganizationAdminAccount


Designates an AWS account within the organization as your GuardDuty delegated administrator. Only the organization's management account can run this API operation.

## Request Syntax


```
POST /admin/enable HTTP/1.1
Content-type: application/json

{
   "adminAccountId": "string"
}
```

## URI Request Parameters


The request does not use any URI parameters.

## Request Body


The request accepts the following data in JSON format.

 ** [adminAccountId](#API_EnableOrganizationAdminAccount_RequestSyntax) **   <a name="guardduty-EnableOrganizationAdminAccount-request-adminAccountId"></a>
The AWS account ID for the organization account to be enabled as a GuardDuty delegated administrator.  
Type: String  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/EnableOrganizationAdminAccount) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/EnableOrganizationAdminAccount) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/EnableOrganizationAdminAccount) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/EnableOrganizationAdminAccount) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/EnableOrganizationAdminAccount) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/EnableOrganizationAdminAccount) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/EnableOrganizationAdminAccount) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/EnableOrganizationAdminAccount) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/EnableOrganizationAdminAccount) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/EnableOrganizationAdminAccount) 

# GetAdministratorAccount


Provides the details of the GuardDuty administrator account associated with the current GuardDuty member account.

Based on the type of account that runs this API, the following list shows how the API behavior varies:
+ When the GuardDuty administrator account runs this API, it will return success (`HTTP 200`) but no content.
+ When a member account runs this API, it will return the details of the GuardDuty administrator account that is associated with this calling member account.
+ When an individual account (not associated with an organization) runs this API, it will return success (`HTTP 200`) but no content.

## Request Syntax


```
GET /detector/detectorId/administrator HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetAdministratorAccount_RequestSyntax) **   <a name="guardduty-GetAdministratorAccount-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty member account.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "administrator": { 
      "accountId": "string",
      "invitationId": "string",
      "invitedAt": "string",
      "relationshipStatus": "string"
   }
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [administrator](#API_GetAdministratorAccount_ResponseSyntax) **   <a name="guardduty-GetAdministratorAccount-response-administrator"></a>
The administrator account details.  
Type: [Administrator](API_Administrator.md) object

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetAdministratorAccount) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetAdministratorAccount) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetAdministratorAccount) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetAdministratorAccount) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetAdministratorAccount) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetAdministratorAccount) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetAdministratorAccount) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetAdministratorAccount) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetAdministratorAccount) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetAdministratorAccount) 

# GetCoverageStatistics


Retrieves aggregated statistics for your account. If you are a GuardDuty administrator, you can retrieve the statistics for all the resources associated with the active member accounts in your organization who have enabled Runtime Monitoring and have the GuardDuty security agent running on their resources.

## Request Syntax


```
POST /detector/detectorId/coverage/statistics HTTP/1.1
Content-type: application/json

{
   "filterCriteria": { 
      "filterCriterion": [ 
         { 
            "criterionKey": "string",
            "filterCondition": { 
               "equals": [ "string" ],
               "notEquals": [ "string" ]
            }
         }
      ]
   },
   "statisticsType": [ "string" ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetCoverageStatistics_RequestSyntax) **   <a name="guardduty-GetCoverageStatistics-request-uri-DetectorId"></a>
The unique ID of the GuardDuty detector.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [filterCriteria](#API_GetCoverageStatistics_RequestSyntax) **   <a name="guardduty-GetCoverageStatistics-request-filterCriteria"></a>
Represents the criteria used to filter the coverage statistics.  
Type: [CoverageFilterCriteria](API_CoverageFilterCriteria.md) object  
Required: No

 ** [statisticsType](#API_GetCoverageStatistics_RequestSyntax) **   <a name="guardduty-GetCoverageStatistics-request-statisticsType"></a>
Represents the statistics type used to aggregate the coverage details.  
Type: Array of strings  
Valid Values: `COUNT_BY_RESOURCE_TYPE | COUNT_BY_COVERAGE_STATUS`   
Required: Yes

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "coverageStatistics": { 
      "countByCoverageStatus": { 
         "string" : number 
      },
      "countByResourceType": { 
         "string" : number 
      }
   }
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [coverageStatistics](#API_GetCoverageStatistics_ResponseSyntax) **   <a name="guardduty-GetCoverageStatistics-response-coverageStatistics"></a>
Represents the count aggregated by the `statusCode` and `resourceType`.  
Type: [CoverageStatistics](API_CoverageStatistics.md) object

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetCoverageStatistics) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetCoverageStatistics) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetCoverageStatistics) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetCoverageStatistics) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetCoverageStatistics) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetCoverageStatistics) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetCoverageStatistics) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetCoverageStatistics) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetCoverageStatistics) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetCoverageStatistics) 

# GetDetector


Retrieves a GuardDuty detector specified by the detectorId.

There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).

## Request Syntax


```
GET /detector/detectorId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetDetector_RequestSyntax) **   <a name="guardduty-GetDetector-request-uri-DetectorId"></a>
The unique ID of the detector that you want to get.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "createdAt": "string",
   "dataSources": { 
      "cloudTrail": { 
         "status": "string"
      },
      "dnsLogs": { 
         "status": "string"
      },
      "flowLogs": { 
         "status": "string"
      },
      "kubernetes": { 
         "auditLogs": { 
            "status": "string"
         }
      },
      "malwareProtection": { 
         "scanEc2InstanceWithFindings": { 
            "ebsVolumes": { 
               "reason": "string",
               "status": "string"
            }
         },
         "serviceRole": "string"
      },
      "s3Logs": { 
         "status": "string"
      }
   },
   "features": [ 
      { 
         "additionalConfiguration": [ 
            { 
               "name": "string",
               "status": "string",
               "updatedAt": number
            }
         ],
         "name": "string",
         "status": "string",
         "updatedAt": number
      }
   ],
   "findingPublishingFrequency": "string",
   "serviceRole": "string",
   "status": "string",
   "tags": { 
      "string" : "string" 
   },
   "updatedAt": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [createdAt](#API_GetDetector_ResponseSyntax) **   <a name="guardduty-GetDetector-response-createdAt"></a>
The timestamp of when the detector was created.  
Type: String

 ** [dataSources](#API_GetDetector_ResponseSyntax) **   <a name="guardduty-GetDetector-response-dataSources"></a>
 *This parameter has been deprecated.*   
Describes which data sources are enabled for the detector.  
Type: [DataSourceConfigurationsResult](API_DataSourceConfigurationsResult.md) object

 ** [features](#API_GetDetector_ResponseSyntax) **   <a name="guardduty-GetDetector-response-features"></a>
Describes the features that have been enabled for the detector.  
Type: Array of [DetectorFeatureConfigurationResult](API_DetectorFeatureConfigurationResult.md) objects

 ** [findingPublishingFrequency](#API_GetDetector_ResponseSyntax) **   <a name="guardduty-GetDetector-response-findingPublishingFrequency"></a>
The publishing frequency of the finding.  
Type: String  
Valid Values: `FIFTEEN_MINUTES | ONE_HOUR | SIX_HOURS` 

 ** [serviceRole](#API_GetDetector_ResponseSyntax) **   <a name="guardduty-GetDetector-response-serviceRole"></a>
The GuardDuty service role.  
Type: String

 ** [status](#API_GetDetector_ResponseSyntax) **   <a name="guardduty-GetDetector-response-status"></a>
The detector status.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `ENABLED | DISABLED` 

 ** [tags](#API_GetDetector_ResponseSyntax) **   <a name="guardduty-GetDetector-response-tags"></a>
The tags of the detector resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.

 ** [updatedAt](#API_GetDetector_ResponseSyntax) **   <a name="guardduty-GetDetector-response-updatedAt"></a>
The last-updated timestamp for the detector.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetDetector) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetDetector) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetDetector) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetDetector) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetDetector) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetDetector) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetDetector) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetDetector) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetDetector) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetDetector) 

# GetFilter


Returns the details of the filter specified by the filter name.

## Request Syntax


```
GET /detector/detectorId/filter/filterName HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetFilter_RequestSyntax) **   <a name="guardduty-GetFilter-request-uri-DetectorId"></a>
The unique ID of the detector that is associated with this filter.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [filterName](#API_GetFilter_RequestSyntax) **   <a name="guardduty-GetFilter-request-uri-FilterName"></a>
The name of the filter you want to get.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "action": "string",
   "description": "string",
   "findingCriteria": { 
      "criterion": { 
         "string" : { 
            "eq": [ "string" ],
            "equals": [ "string" ],
            "greaterThan": number,
            "greaterThanOrEqual": number,
            "gt": number,
            "gte": number,
            "lessThan": number,
            "lessThanOrEqual": number,
            "lt": number,
            "lte": number,
            "matches": [ "string" ],
            "neq": [ "string" ],
            "notEquals": [ "string" ],
            "notMatches": [ "string" ]
         }
      }
   },
   "name": "string",
   "rank": number,
   "tags": { 
      "string" : "string" 
   }
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [action](#API_GetFilter_ResponseSyntax) **   <a name="guardduty-GetFilter-response-action"></a>
Specifies the action that is to be applied to the findings that match the filter.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `NOOP | ARCHIVE` 

 ** [description](#API_GetFilter_ResponseSyntax) **   <a name="guardduty-GetFilter-response-description"></a>
The description of the filter.  
Type: String  
Length Constraints: Minimum length of 0. Maximum length of 512.

 ** [findingCriteria](#API_GetFilter_ResponseSyntax) **   <a name="guardduty-GetFilter-response-findingCriteria"></a>
Represents the criteria to be used in the filter for querying findings.  
Type: [FindingCriteria](API_FindingCriteria.md) object

 ** [name](#API_GetFilter_ResponseSyntax) **   <a name="guardduty-GetFilter-response-name"></a>
The name of the filter.  
Type: String  
Length Constraints: Minimum length of 3. Maximum length of 64.

 ** [rank](#API_GetFilter_ResponseSyntax) **   <a name="guardduty-GetFilter-response-rank"></a>
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.  
Type: Integer  
Valid Range: Minimum value of 1. Maximum value of 100.

 ** [tags](#API_GetFilter_ResponseSyntax) **   <a name="guardduty-GetFilter-response-tags"></a>
The tags of the filter resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetFilter) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetFilter) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetFilter) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetFilter) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetFilter) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetFilter) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetFilter) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetFilter) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetFilter) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetFilter) 

# GetFindings


Describes Amazon GuardDuty findings specified by finding IDs.

## Request Syntax


```
POST /detector/detectorId/findings/get HTTP/1.1
Content-type: application/json

{
   "findingIds": [ "string" ],
   "sortCriteria": { 
      "attributeName": "string",
      "orderBy": "string"
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetFindings_RequestSyntax) **   <a name="guardduty-GetFindings-request-uri-DetectorId"></a>
The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [findingIds](#API_GetFindings_RequestSyntax) **   <a name="guardduty-GetFindings-request-findingIds"></a>
The IDs of the findings that you want to retrieve.  
Type: Array of strings  
Array Members: Minimum number of 0 items. Maximum number of 50 items.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [sortCriteria](#API_GetFindings_RequestSyntax) **   <a name="guardduty-GetFindings-request-sortCriteria"></a>
Represents the criteria used for sorting findings.  
Type: [SortCriteria](API_SortCriteria.md) object  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "findings": [ 
      { 
         "accountId": "string",
         "arn": "string",
         "associatedAttackSequenceArn": "string",
         "confidence": number,
         "createdAt": "string",
         "description": "string",
         "id": "string",
         "partition": "string",
         "region": "string",
         "resource": { 
            "accessKeyDetails": { 
               "accessKeyId": "string",
               "principalId": "string",
               "userName": "string",
               "userType": "string"
            },
            "containerDetails": { 
               "containerRuntime": "string",
               "id": "string",
               "image": "string",
               "imagePrefix": "string",
               "name": "string",
               "securityContext": { 
                  "allowPrivilegeEscalation": boolean,
                  "privileged": boolean
               },
               "volumeMounts": [ 
                  { 
                     "mountPath": "string",
                     "name": "string"
                  }
               ]
            },
            "ebsSnapshotDetails": { 
               "snapshotArn": "string"
            },
            "ebsVolumeDetails": { 
               "scannedVolumeDetails": [ 
                  { 
                     "deviceName": "string",
                     "encryptionType": "string",
                     "kmsKeyArn": "string",
                     "snapshotArn": "string",
                     "volumeArn": "string",
                     "volumeSizeInGB": number,
                     "volumeType": "string"
                  }
               ],
               "skippedVolumeDetails": [ 
                  { 
                     "deviceName": "string",
                     "encryptionType": "string",
                     "kmsKeyArn": "string",
                     "snapshotArn": "string",
                     "volumeArn": "string",
                     "volumeSizeInGB": number,
                     "volumeType": "string"
                  }
               ]
            },
            "ec2ImageDetails": { 
               "imageArn": "string"
            },
            "ecsClusterDetails": { 
               "activeServicesCount": number,
               "arn": "string",
               "name": "string",
               "registeredContainerInstancesCount": number,
               "runningTasksCount": number,
               "status": "string",
               "tags": [ 
                  { 
                     "key": "string",
                     "value": "string"
                  }
               ],
               "taskDetails": { 
                  "arn": "string",
                  "containers": [ 
                     { 
                        "containerRuntime": "string",
                        "id": "string",
                        "image": "string",
                        "imagePrefix": "string",
                        "name": "string",
                        "securityContext": { 
                           "allowPrivilegeEscalation": boolean,
                           "privileged": boolean
                        },
                        "volumeMounts": [ 
                           { 
                              "mountPath": "string",
                              "name": "string"
                           }
                        ]
                     }
                  ],
                  "definitionArn": "string",
                  "group": "string",
                  "launchType": "string",
                  "startedAt": number,
                  "startedBy": "string",
                  "tags": [ 
                     { 
                        "key": "string",
                        "value": "string"
                     }
                  ],
                  "createdAt": number,
                  "version": "string",
                  "volumes": [ 
                     { 
                        "hostPath": { 
                           "path": "string"
                        },
                        "name": "string"
                     }
                  ]
               }
            },
            "eksClusterDetails": { 
               "arn": "string",
               "createdAt": number,
               "name": "string",
               "status": "string",
               "tags": [ 
                  { 
                     "key": "string",
                     "value": "string"
                  }
               ],
               "vpcId": "string"
            },
            "instanceDetails": { 
               "availabilityZone": "string",
               "iamInstanceProfile": { 
                  "arn": "string",
                  "id": "string"
               },
               "imageDescription": "string",
               "imageId": "string",
               "instanceId": "string",
               "instanceState": "string",
               "instanceType": "string",
               "launchTime": "string",
               "networkInterfaces": [ 
                  { 
                     "ipv6Addresses": [ "string" ],
                     "networkInterfaceId": "string",
                     "privateDnsName": "string",
                     "privateIpAddress": "string",
                     "privateIpAddresses": [ 
                        { 
                           "privateDnsName": "string",
                           "privateIpAddress": "string"
                        }
                     ],
                     "publicDnsName": "string",
                     "publicIp": "string",
                     "securityGroups": [ 
                        { 
                           "groupId": "string",
                           "groupName": "string"
                        }
                     ],
                     "subnetId": "string",
                     "vpcId": "string"
                  }
               ],
               "outpostArn": "string",
               "platform": "string",
               "productCodes": [ 
                  { 
                     "productCodeId": "string",
                     "productCodeType": "string"
                  }
               ],
               "tags": [ 
                  { 
                     "key": "string",
                     "value": "string"
                  }
               ]
            },
            "kubernetesDetails": { 
               "kubernetesUserDetails": { 
                  "groups": [ "string" ],
                  "impersonatedUser": { 
                     "groups": [ "string" ],
                     "username": "string"
                  },
                  "sessionName": [ "string" ],
                  "uid": "string",
                  "username": "string"
               },
               "kubernetesWorkloadDetails": { 
                  "containers": [ 
                     { 
                        "containerRuntime": "string",
                        "id": "string",
                        "image": "string",
                        "imagePrefix": "string",
                        "name": "string",
                        "securityContext": { 
                           "allowPrivilegeEscalation": boolean,
                           "privileged": boolean
                        },
                        "volumeMounts": [ 
                           { 
                              "mountPath": "string",
                              "name": "string"
                           }
                        ]
                     }
                  ],
                  "hostIPC": boolean,
                  "hostNetwork": boolean,
                  "hostPID": boolean,
                  "name": "string",
                  "namespace": "string",
                  "serviceAccountName": "string",
                  "type": "string",
                  "uid": "string",
                  "volumes": [ 
                     { 
                        "hostPath": { 
                           "path": "string"
                        },
                        "name": "string"
                     }
                  ]
               }
            },
            "lambdaDetails": { 
               "description": "string",
               "functionArn": "string",
               "functionName": "string",
               "functionVersion": "string",
               "lastModifiedAt": number,
               "revisionId": "string",
               "role": "string",
               "tags": [ 
                  { 
                     "key": "string",
                     "value": "string"
                  }
               ],
               "vpcConfig": { 
                  "securityGroups": [ 
                     { 
                        "groupId": "string",
                        "groupName": "string"
                     }
                  ],
                  "subnetIds": [ "string" ],
                  "vpcId": "string"
               }
            },
            "rdsDbInstanceDetails": { 
               "dbClusterIdentifier": "string",
               "dbInstanceArn": "string",
               "dbInstanceIdentifier": "string",
               "dbiResourceId": "string",
               "engine": "string",
               "engineVersion": "string",
               "tags": [ 
                  { 
                     "key": "string",
                     "value": "string"
                  }
               ]
            },
            "rdsDbUserDetails": { 
               "application": "string",
               "authMethod": "string",
               "database": "string",
               "ssl": "string",
               "user": "string"
            },
            "rdsLimitlessDbDetails": { 
               "dbClusterIdentifier": "string",
               "dbShardGroupArn": "string",
               "dbShardGroupIdentifier": "string",
               "dbShardGroupResourceId": "string",
               "engine": "string",
               "engineVersion": "string",
               "tags": [ 
                  { 
                     "key": "string",
                     "value": "string"
                  }
               ]
            },
            "recoveryPointDetails": { 
               "backupVaultName": "string",
               "recoveryPointArn": "string"
            },
            "resourceType": "string",
            "s3BucketDetails": [ 
               { 
                  "arn": "string",
                  "createdAt": number,
                  "defaultServerSideEncryption": { 
                     "encryptionType": "string",
                     "kmsMasterKeyArn": "string"
                  },
                  "name": "string",
                  "owner": { 
                     "id": "string"
                  },
                  "publicAccess": { 
                     "effectivePermission": "string",
                     "permissionConfiguration": { 
                        "accountLevelPermissions": { 
                           "blockPublicAccess": { 
                              "blockPublicAcls": boolean,
                              "blockPublicPolicy": boolean,
                              "ignorePublicAcls": boolean,
                              "restrictPublicBuckets": boolean
                           }
                        },
                        "bucketLevelPermissions": { 
                           "accessControlList": { 
                              "allowsPublicReadAccess": boolean,
                              "allowsPublicWriteAccess": boolean
                           },
                           "blockPublicAccess": { 
                              "blockPublicAcls": boolean,
                              "blockPublicPolicy": boolean,
                              "ignorePublicAcls": boolean,
                              "restrictPublicBuckets": boolean
                           },
                           "bucketPolicy": { 
                              "allowsPublicReadAccess": boolean,
                              "allowsPublicWriteAccess": boolean
                           }
                        }
                     }
                  },
                  "s3ObjectDetails": [ 
                     { 
                        "eTag": "string",
                        "hash": "string",
                        "key": "string",
                        "objectArn": "string",
                        "versionId": "string"
                     }
                  ],
                  "tags": [ 
                     { 
                        "key": "string",
                        "value": "string"
                     }
                  ],
                  "type": "string"
               }
            ]
         },
         "schemaVersion": "string",
         "service": { 
            "action": { 
               "actionType": "string",
               "awsApiCallAction": { 
                  "affectedResources": { 
                     "string" : "string" 
                  },
                  "api": "string",
                  "callerType": "string",
                  "domainDetails": { 
                     "domain": "string"
                  },
                  "errorCode": "string",
                  "remoteAccountDetails": { 
                     "accountId": "string",
                     "affiliated": boolean
                  },
                  "remoteIpDetails": { 
                     "city": { 
                        "cityName": "string"
                     },
                     "country": { 
                        "countryCode": "string",
                        "countryName": "string"
                     },
                     "geoLocation": { 
                        "lat": number,
                        "lon": number
                     },
                     "ipAddressV4": "string",
                     "ipAddressV6": "string",
                     "organization": { 
                        "asn": "string",
                        "asnOrg": "string",
                        "isp": "string",
                        "org": "string"
                     }
                  },
                  "serviceName": "string",
                  "userAgent": "string"
               },
               "dnsRequestAction": { 
                  "blocked": boolean,
                  "domain": "string",
                  "domainWithSuffix": "string",
                  "protocol": "string",
                  "vpcOwnerAccountId": "string"
               },
               "kubernetesApiCallAction": { 
                  "namespace": "string",
                  "parameters": "string",
                  "remoteIpDetails": { 
                     "city": { 
                        "cityName": "string"
                     },
                     "country": { 
                        "countryCode": "string",
                        "countryName": "string"
                     },
                     "geoLocation": { 
                        "lat": number,
                        "lon": number
                     },
                     "ipAddressV4": "string",
                     "ipAddressV6": "string",
                     "organization": { 
                        "asn": "string",
                        "asnOrg": "string",
                        "isp": "string",
                        "org": "string"
                     }
                  },
                  "requestUri": "string",
                  "resource": "string",
                  "resourceName": "string",
                  "sourceIPs": [ "string" ],
                  "statusCode": number,
                  "subresource": "string",
                  "userAgent": "string",
                  "verb": "string"
               },
               "kubernetesPermissionCheckedDetails": { 
                  "allowed": boolean,
                  "namespace": "string",
                  "resource": "string",
                  "verb": "string"
               },
               "kubernetesRoleBindingDetails": { 
                  "kind": "string",
                  "name": "string",
                  "roleRefKind": "string",
                  "roleRefName": "string",
                  "uid": "string"
               },
               "kubernetesRoleDetails": { 
                  "kind": "string",
                  "name": "string",
                  "uid": "string"
               },
               "networkConnectionAction": { 
                  "blocked": boolean,
                  "connectionDirection": "string",
                  "localIpDetails": { 
                     "ipAddressV4": "string",
                     "ipAddressV6": "string"
                  },
                  "localNetworkInterface": "string",
                  "localPortDetails": { 
                     "port": number,
                     "portName": "string"
                  },
                  "protocol": "string",
                  "remoteIpDetails": { 
                     "city": { 
                        "cityName": "string"
                     },
                     "country": { 
                        "countryCode": "string",
                        "countryName": "string"
                     },
                     "geoLocation": { 
                        "lat": number,
                        "lon": number
                     },
                     "ipAddressV4": "string",
                     "ipAddressV6": "string",
                     "organization": { 
                        "asn": "string",
                        "asnOrg": "string",
                        "isp": "string",
                        "org": "string"
                     }
                  },
                  "remotePortDetails": { 
                     "port": number,
                     "portName": "string"
                  }
               },
               "portProbeAction": { 
                  "blocked": boolean,
                  "portProbeDetails": [ 
                     { 
                        "localIpDetails": { 
                           "ipAddressV4": "string",
                           "ipAddressV6": "string"
                        },
                        "localPortDetails": { 
                           "port": number,
                           "portName": "string"
                        },
                        "remoteIpDetails": { 
                           "city": { 
                              "cityName": "string"
                           },
                           "country": { 
                              "countryCode": "string",
                              "countryName": "string"
                           },
                           "geoLocation": { 
                              "lat": number,
                              "lon": number
                           },
                           "ipAddressV4": "string",
                           "ipAddressV6": "string",
                           "organization": { 
                              "asn": "string",
                              "asnOrg": "string",
                              "isp": "string",
                              "org": "string"
                           }
                        }
                     }
                  ]
               },
               "rdsLoginAttemptAction": { 
                  "LoginAttributes": [ 
                     { 
                        "application": "string",
                        "failedLoginAttempts": number,
                        "successfulLoginAttempts": number,
                        "user": "string"
                     }
                  ],
                  "remoteIpDetails": { 
                     "city": { 
                        "cityName": "string"
                     },
                     "country": { 
                        "countryCode": "string",
                        "countryName": "string"
                     },
                     "geoLocation": { 
                        "lat": number,
                        "lon": number
                     },
                     "ipAddressV4": "string",
                     "ipAddressV6": "string",
                     "organization": { 
                        "asn": "string",
                        "asnOrg": "string",
                        "isp": "string",
                        "org": "string"
                     }
                  }
               }
            },
            "additionalInfo": { 
               "type": "string",
               "value": "string"
            },
            "archived": boolean,
            "count": number,
            "detection": { 
               "anomaly": { 
                  "profiles": { 
                     "string" : { 
                        "string" : [ 
                           { 
                              "observations": { 
                                 "text": [ "string" ]
                              },
                              "profileSubtype": "string",
                              "profileType": "string"
                           }
                        ]
                     }
                  },
                  "unusual": { 
                     "behavior": { 
                        "string" : { 
                           "string" : { 
                              "observations": { 
                                 "text": [ "string" ]
                              },
                              "profileSubtype": "string",
                              "profileType": "string"
                           }
                        }
                     }
                  }
               },
               "sequence": { 
                  "actors": [ 
                     { 
                        "id": "string",
                        "process": { 
                           "name": "string",
                           "path": "string",
                           "sha256": "string"
                        },
                        "session": { 
                           "createdTime": number,
                           "issuer": "string",
                           "mfaStatus": "string",
                           "uid": "string"
                        },
                        "user": { 
                           "account": { 
                              "account": "string",
                              "uid": "string"
                           },
                           "credentialUid": "string",
                           "name": "string",
                           "type": "string",
                           "uid": "string"
                        }
                     }
                  ],
                  "additionalSequenceTypes": [ "string" ],
                  "description": "string",
                  "endpoints": [ 
                     { 
                        "autonomousSystem": { 
                           "name": "string",
                           "number": number
                        },
                        "connection": { 
                           "direction": "string"
                        },
                        "domain": "string",
                        "id": "string",
                        "ip": "string",
                        "location": { 
                           "city": "string",
                           "country": "string",
                           "lat": number,
                           "lon": number
                        },
                        "port": number
                     }
                  ],
                  "resources": [ 
                     { 
                        "accountId": "string",
                        "cloudPartition": "string",
                        "data": { 
                           "accessKey": { 
                              "principalId": "string",
                              "userName": "string",
                              "userType": "string"
                           },
                           "autoscalingAutoScalingGroup": { 
                              "ec2InstanceUids": [ "string" ]
                           },
                           "cloudformationStack": { 
                              "ec2InstanceUids": [ "string" ]
                           },
                           "container": { 
                              "image": "string",
                              "imageUid": "string"
                           },
                           "ec2Image": { 
                              "ec2InstanceUids": [ "string" ]
                           },
                           "ec2Instance": { 
                              "availabilityZone": "string",
                              "ec2NetworkInterfaceUids": [ "string" ],
                              "IamInstanceProfile": { 
                                 "arn": "string",
                                 "id": "string"
                              },
                              "imageDescription": "string",
                              "instanceState": "string",
                              "instanceType": "string",
                              "outpostArn": "string",
                              "platform": "string",
                              "productCodes": [ 
                                 { 
                                    "productCodeId": "string",
                                    "productCodeType": "string"
                                 }
                              ]
                           },
                           "ec2LaunchTemplate": { 
                              "ec2InstanceUids": [ "string" ],
                              "version": "string"
                           },
                           "ec2NetworkInterface": { 
                              "ipv6Addresses": [ "string" ],
                              "privateIpAddresses": [ 
                                 { 
                                    "privateDnsName": "string",
                                    "privateIpAddress": "string"
                                 }
                              ],
                              "publicIp": "string",
                              "securityGroups": [ 
                                 { 
                                    "groupId": "string",
                                    "groupName": "string"
                                 }
                              ],
                              "subNetId": "string",
                              "vpcId": "string"
                           },
                           "ec2Vpc": { 
                              "ec2InstanceUids": [ "string" ]
                           },
                           "ecsCluster": { 
                              "ec2InstanceUids": [ "string" ],
                              "status": "string"
                           },
                           "ecsTask": { 
                              "containerUids": [ "string" ],
                              "createdAt": number,
                              "launchType": "string",
                              "taskDefinitionArn": "string"
                           },
                           "eksCluster": { 
                              "arn": "string",
                              "createdAt": number,
                              "ec2InstanceUids": [ "string" ],
                              "status": "string",
                              "vpcId": "string"
                           },
                           "iamInstanceProfile": { 
                              "ec2InstanceUids": [ "string" ]
                           },
                           "kubernetesWorkload": { 
                              "containerUids": [ "string" ],
                              "type": "string",
                              "namespace": "string"
                           },
                           "s3Bucket": { 
                              "accountPublicAccess": { 
                                 "publicAclAccess": "string",
                                 "publicAclIgnoreBehavior": "string",
                                 "publicBucketRestrictBehavior": "string",
                                 "publicPolicyAccess": "string"
                              },
                              "bucketPublicAccess": { 
                                 "publicAclAccess": "string",
                                 "publicAclIgnoreBehavior": "string",
                                 "publicBucketRestrictBehavior": "string",
                                 "publicPolicyAccess": "string"
                              },
                              "createdAt": number,
                              "effectivePermission": "string",
                              "encryptionKeyArn": "string",
                              "encryptionType": "string",
                              "ownerId": "string",
                              "publicReadAccess": "string",
                              "publicWriteAccess": "string",
                              "s3ObjectUids": [ "string" ]
                           },
                           "s3Object": { 
                              "eTag": "string",
                              "key": "string",
                              "versionId": "string"
                           }
                        },
                        "name": "string",
                        "region": "string",
                        "resourceType": "string",
                        "service": "string",
                        "tags": [ 
                           { 
                              "key": "string",
                              "value": "string"
                           }
                        ],
                        "uid": "string"
                     }
                  ],
                  "sequenceIndicators": [ 
                     { 
                        "key": "string",
                        "title": "string",
                        "values": [ "string" ]
                     }
                  ],
                  "signals": [ 
                     { 
                        "actorIds": [ "string" ],
                        "count": number,
                        "createdAt": number,
                        "description": "string",
                        "endpointIds": [ "string" ],
                        "firstSeenAt": number,
                        "lastSeenAt": number,
                        "name": "string",
                        "resourceUids": [ "string" ],
                        "severity": number,
                        "signalIndicators": [ 
                           { 
                              "key": "string",
                              "title": "string",
                              "values": [ "string" ]
                           }
                        ],
                        "type": "string",
                        "uid": "string",
                        "updatedAt": number
                     }
                  ],
                  "uid": "string"
               }
            },
            "detectorId": "string",
            "ebsVolumeScanDetails": { 
               "scanCompletedAt": number,
               "scanDetections": { 
                  "highestSeverityThreatDetails": { 
                     "count": number,
                     "severity": "string",
                     "threatName": "string"
                  },
                  "scannedItemCount": { 
                     "files": number,
                     "totalGb": number,
                     "volumes": number
                  },
                  "threatDetectedByName": { 
                     "itemCount": number,
                     "shortened": boolean,
                     "threatNames": [ 
                        { 
                           "filePaths": [ 
                              { 
                                 "fileName": "string",
                                 "filePath": "string",
                                 "hash": "string",
                                 "volumeArn": "string"
                              }
                           ],
                           "itemCount": number,
                           "name": "string",
                           "severity": "string"
                        }
                     ],
                     "uniqueThreatNameCount": number
                  },
                  "threatsDetectedItemCount": { 
                     "files": number
                  }
               },
               "scanId": "string",
               "scanStartedAt": number,
               "scanType": "string",
               "sources": [ "string" ],
               "triggerFindingId": "string"
            },
            "eventFirstSeen": "string",
            "eventLastSeen": "string",
            "evidence": { 
               "threatIntelligenceDetails": [ 
                  { 
                     "threatFileSha256": "string",
                     "threatListName": "string",
                     "threatNames": [ "string" ]
                  }
               ]
            },
            "featureName": "string",
            "malwareScanDetails": { 
               "scanCategory": "string",
               "scanConfiguration": { 
                  "incrementalScanDetails": { 
                     "baselineResourceArn": "string"
                  },
                  "triggerType": "string"
               },
               "scanId": "string",
               "scanType": "string",
               "threats": [ 
                  { 
                     "count": number,
                     "hash": "string",
                     "itemDetails": [ 
                        { 
                           "additionalInfo": { 
                              "deviceName": "string",
                              "versionId": "string"
                           },
                           "hash": "string",
                           "itemPath": "string",
                           "resourceArn": "string"
                        }
                     ],
                     "itemPaths": [ 
                        { 
                           "hash": "string",
                           "nestedItemPath": "string"
                        }
                     ],
                     "name": "string",
                     "source": "string"
                  }
               ],
               "uniqueThreatCount": number
            },
            "resourceRole": "string",
            "runtimeDetails": { 
               "context": { 
                  "addressFamily": "string",
                  "commandLineExample": "string",
                  "fileSystemType": "string",
                  "flags": [ "string" ],
                  "ianaProtocolNumber": number,
                  "ldPreloadValue": "string",
                  "libraryPath": "string",
                  "memoryRegions": [ "string" ],
                  "modifiedAt": number,
                  "modifyingProcess": { 
                     "euid": number,
                     "executablePath": "string",
                     "executableSha256": "string",
                     "lineage": [ 
                        { 
                           "euid": number,
                           "executablePath": "string",
                           "name": "string",
                           "namespacePid": number,
                           "parentUuid": "string",
                           "pid": number,
                           "startTime": number,
                           "userId": number,
                           "uuid": "string"
                        }
                     ],
                     "name": "string",
                     "namespacePid": number,
                     "parentUuid": "string",
                     "pid": number,
                     "pwd": "string",
                     "startTime": number,
                     "user": "string",
                     "userId": number,
                     "uuid": "string"
                  },
                  "moduleFilePath": "string",
                  "moduleName": "string",
                  "moduleSha256": "string",
                  "mountSource": "string",
                  "mountTarget": "string",
                  "releaseAgentPath": "string",
                  "runcBinaryPath": "string",
                  "scriptPath": "string",
                  "serviceName": "string",
                  "shellHistoryFilePath": "string",
                  "socketPath": "string",
                  "targetProcess": { 
                     "euid": number,
                     "executablePath": "string",
                     "executableSha256": "string",
                     "lineage": [ 
                        { 
                           "euid": number,
                           "executablePath": "string",
                           "name": "string",
                           "namespacePid": number,
                           "parentUuid": "string",
                           "pid": number,
                           "startTime": number,
                           "userId": number,
                           "uuid": "string"
                        }
                     ],
                     "name": "string",
                     "namespacePid": number,
                     "parentUuid": "string",
                     "pid": number,
                     "pwd": "string",
                     "startTime": number,
                     "user": "string",
                     "userId": number,
                     "uuid": "string"
                  },
                  "threatFilePath": "string",
                  "toolCategory": "string",
                  "toolName": "string"
               },
               "process": { 
                  "euid": number,
                  "executablePath": "string",
                  "executableSha256": "string",
                  "lineage": [ 
                     { 
                        "euid": number,
                        "executablePath": "string",
                        "name": "string",
                        "namespacePid": number,
                        "parentUuid": "string",
                        "pid": number,
                        "startTime": number,
                        "userId": number,
                        "uuid": "string"
                     }
                  ],
                  "name": "string",
                  "namespacePid": number,
                  "parentUuid": "string",
                  "pid": number,
                  "pwd": "string",
                  "startTime": number,
                  "user": "string",
                  "userId": number,
                  "uuid": "string"
               }
            },
            "serviceName": "string",
            "userFeedback": "string"
         },
         "severity": number,
         "title": "string",
         "type": "string",
         "updatedAt": "string"
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [findings](#API_GetFindings_ResponseSyntax) **   <a name="guardduty-GetFindings-response-findings"></a>
A list of findings.  
Type: Array of [Finding](API_Finding.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetFindings) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetFindings) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetFindings) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetFindings) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetFindings) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetFindings) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetFindings) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetFindings) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetFindings) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetFindings) 

# GetFindingsStatistics


Lists GuardDuty findings statistics for the specified detector ID.

You must provide either `findingStatisticTypes` or `groupBy` parameter, and not both. You can use the `maxResults` and `orderBy` parameters only when using `groupBy`.

There might be regional differences because some flags might not be available in all the Regions where GuardDuty is currently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).

## Request Syntax


```
POST /detector/detectorId/findings/statistics HTTP/1.1
Content-type: application/json

{
   "findingCriteria": { 
      "criterion": { 
         "string" : { 
            "eq": [ "string" ],
            "equals": [ "string" ],
            "greaterThan": number,
            "greaterThanOrEqual": number,
            "gt": number,
            "gte": number,
            "lessThan": number,
            "lessThanOrEqual": number,
            "lt": number,
            "lte": number,
            "matches": [ "string" ],
            "neq": [ "string" ],
            "notEquals": [ "string" ],
            "notMatches": [ "string" ]
         }
      }
   },
   "findingStatisticTypes": [ "string" ],
   "groupBy": "string",
   "maxResults": number,
   "orderBy": "string"
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetFindingsStatistics_RequestSyntax) **   <a name="guardduty-GetFindingsStatistics-request-uri-DetectorId"></a>
The ID of the detector whose findings statistics you want to retrieve.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [findingCriteria](#API_GetFindingsStatistics_RequestSyntax) **   <a name="guardduty-GetFindingsStatistics-request-findingCriteria"></a>
Represents the criteria that is used for querying findings.  
Type: [FindingCriteria](API_FindingCriteria.md) object  
Required: No

 ** [findingStatisticTypes](#API_GetFindingsStatistics_RequestSyntax) **   <a name="guardduty-GetFindingsStatistics-request-findingStatisticTypes"></a>
 *This parameter has been deprecated.*   
The types of finding statistics to retrieve.  
Type: Array of strings  
Array Members: Minimum number of 0 items. Maximum number of 10 items.  
Valid Values: `COUNT_BY_SEVERITY`   
Required: No

 ** [groupBy](#API_GetFindingsStatistics_RequestSyntax) **   <a name="guardduty-GetFindingsStatistics-request-groupBy"></a>
Displays the findings statistics grouped by one of the listed valid values.  
Type: String  
Valid Values: `ACCOUNT | DATE | FINDING_TYPE | RESOURCE | SEVERITY`   
Required: No

 ** [maxResults](#API_GetFindingsStatistics_RequestSyntax) **   <a name="guardduty-GetFindingsStatistics-request-maxResults"></a>
The maximum number of results to be returned in the response. The default value is 25.  
You can use this parameter only with the `groupBy` parameter.  
Type: Integer  
Valid Range: Minimum value of 1. Maximum value of 100.  
Required: No

 ** [orderBy](#API_GetFindingsStatistics_RequestSyntax) **   <a name="guardduty-GetFindingsStatistics-request-orderBy"></a>
Displays the sorted findings in the requested order. The default value of `orderBy` is `DESC`.  
You can use this parameter only with the `groupBy` parameter.  
Type: String  
Valid Values: `ASC | DESC`   
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "findingStatistics": { 
      "countBySeverity": { 
         "string" : number 
      },
      "groupedByAccount": [ 
         { 
            "accountId": "string",
            "lastGeneratedAt": number,
            "totalFindings": number
         }
      ],
      "groupedByDate": [ 
         { 
            "date": number,
            "lastGeneratedAt": number,
            "severity": number,
            "totalFindings": number
         }
      ],
      "groupedByFindingType": [ 
         { 
            "findingType": "string",
            "lastGeneratedAt": number,
            "totalFindings": number
         }
      ],
      "groupedByResource": [ 
         { 
            "accountId": "string",
            "lastGeneratedAt": number,
            "resourceId": "string",
            "resourceType": "string",
            "totalFindings": number
         }
      ],
      "groupedBySeverity": [ 
         { 
            "lastGeneratedAt": number,
            "severity": number,
            "totalFindings": number
         }
      ]
   },
   "nextToken": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [findingStatistics](#API_GetFindingsStatistics_ResponseSyntax) **   <a name="guardduty-GetFindingsStatistics-response-findingStatistics"></a>
The finding statistics object.  
Type: [FindingStatistics](API_FindingStatistics.md) object

 ** [nextToken](#API_GetFindingsStatistics_ResponseSyntax) **   <a name="guardduty-GetFindingsStatistics-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
This parameter is currently not supported.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetFindingsStatistics) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetFindingsStatistics) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetFindingsStatistics) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetFindingsStatistics) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetFindingsStatistics) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetFindingsStatistics) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetFindingsStatistics) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetFindingsStatistics) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetFindingsStatistics) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetFindingsStatistics) 

# GetInvitationsCount


Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.

## Request Syntax


```
GET /invitation/count HTTP/1.1
```

## URI Request Parameters


The request does not use any URI parameters.

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "invitationsCount": number
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [invitationsCount](#API_GetInvitationsCount_ResponseSyntax) **   <a name="guardduty-GetInvitationsCount-response-invitationsCount"></a>
The number of received invitations.  
Type: Integer

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetInvitationsCount) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetInvitationsCount) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetInvitationsCount) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetInvitationsCount) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetInvitationsCount) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetInvitationsCount) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetInvitationsCount) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetInvitationsCount) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetInvitationsCount) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetInvitationsCount) 

# GetIPSet


Retrieves the IPSet specified by the `ipSetId`.

## Request Syntax


```
GET /detector/detectorId/ipset/ipSetId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetIPSet_RequestSyntax) **   <a name="guardduty-GetIPSet-request-uri-DetectorId"></a>
The unique ID of the detector that is associated with the IPSet.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [ipSetId](#API_GetIPSet_RequestSyntax) **   <a name="guardduty-GetIPSet-request-uri-IpSetId"></a>
The unique ID of the IPSet to retrieve.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "expectedBucketOwner": "string",
   "format": "string",
   "location": "string",
   "name": "string",
   "status": "string",
   "tags": { 
      "string" : "string" 
   }
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [expectedBucketOwner](#API_GetIPSet_ResponseSyntax) **   <a name="guardduty-GetIPSet-response-expectedBucketOwner"></a>
The AWS account ID that owns the Amazon S3 bucket specified in the **location** parameter. This field appears in the response only if it was provided during IPSet creation or update.  
Type: String  
Length Constraints: Fixed length of 12.

 ** [format](#API_GetIPSet_ResponseSyntax) **   <a name="guardduty-GetIPSet-response-format"></a>
The format of the file that contains the IPSet.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE` 

 ** [location](#API_GetIPSet_ResponseSyntax) **   <a name="guardduty-GetIPSet-response-location"></a>
The URI of the file that contains the IPSet.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.

 ** [name](#API_GetIPSet_ResponseSyntax) **   <a name="guardduty-GetIPSet-response-name"></a>
The user-friendly name for the IPSet.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.

 ** [status](#API_GetIPSet_ResponseSyntax) **   <a name="guardduty-GetIPSet-response-status"></a>
The status of IPSet file that was uploaded.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `INACTIVE | ACTIVATING | ACTIVE | DEACTIVATING | ERROR | DELETE_PENDING | DELETED` 

 ** [tags](#API_GetIPSet_ResponseSyntax) **   <a name="guardduty-GetIPSet-response-tags"></a>
The tags of the IPSet resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetIPSet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetIPSet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetIPSet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetIPSet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetIPSet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetIPSet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetIPSet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetIPSet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetIPSet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetIPSet) 

# GetMalwareProtectionPlan


Retrieves the Malware Protection plan details associated with a Malware Protection plan ID.

## Request Syntax


```
GET /malware-protection-plan/malwareProtectionPlanId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [malwareProtectionPlanId](#API_GetMalwareProtectionPlan_RequestSyntax) **   <a name="guardduty-GetMalwareProtectionPlan-request-uri-MalwareProtectionPlanId"></a>
A unique identifier associated with Malware Protection plan resource.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "actions": { 
      "tagging": { 
         "status": "string"
      }
   },
   "arn": "string",
   "createdAt": number,
   "protectedResource": { 
      "s3Bucket": { 
         "bucketName": "string",
         "objectPrefixes": [ "string" ]
      }
   },
   "role": "string",
   "status": "string",
   "statusReasons": [ 
      { 
         "code": "string",
         "message": "string"
      }
   ],
   "tags": { 
      "string" : "string" 
   }
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [actions](#API_GetMalwareProtectionPlan_ResponseSyntax) **   <a name="guardduty-GetMalwareProtectionPlan-response-actions"></a>
Information about whether the tags will be added to the S3 object after scanning.  
Type: [MalwareProtectionPlanActions](API_MalwareProtectionPlanActions.md) object

 ** [arn](#API_GetMalwareProtectionPlan_ResponseSyntax) **   <a name="guardduty-GetMalwareProtectionPlan-response-arn"></a>
Amazon Resource Name (ARN) of the protected resource.  
Type: String

 ** [createdAt](#API_GetMalwareProtectionPlan_ResponseSyntax) **   <a name="guardduty-GetMalwareProtectionPlan-response-createdAt"></a>
The timestamp when the Malware Protection plan resource was created.  
Type: Timestamp

 ** [protectedResource](#API_GetMalwareProtectionPlan_ResponseSyntax) **   <a name="guardduty-GetMalwareProtectionPlan-response-protectedResource"></a>
Information about the protected resource that is associated with the created Malware Protection plan. Presently, `S3Bucket` is the only supported protected resource.  
Type: [CreateProtectedResource](API_CreateProtectedResource.md) object

 ** [role](#API_GetMalwareProtectionPlan_ResponseSyntax) **   <a name="guardduty-GetMalwareProtectionPlan-response-role"></a>
Amazon Resource Name (ARN) of the IAM role that includes the permissions to scan and add tags to the associated protected resource.  
Type: String

 ** [status](#API_GetMalwareProtectionPlan_ResponseSyntax) **   <a name="guardduty-GetMalwareProtectionPlan-response-status"></a>
Malware Protection plan status.  
Type: String  
Valid Values: `ACTIVE | WARNING | ERROR` 

 ** [statusReasons](#API_GetMalwareProtectionPlan_ResponseSyntax) **   <a name="guardduty-GetMalwareProtectionPlan-response-statusReasons"></a>
Information about the issue code and message associated to the status of your Malware Protection plan.  
Type: Array of [MalwareProtectionPlanStatusReason](API_MalwareProtectionPlanStatusReason.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

 ** [tags](#API_GetMalwareProtectionPlan_ResponseSyntax) **   <a name="guardduty-GetMalwareProtectionPlan-response-tags"></a>
Tags added to the Malware Protection plan resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
An access denied exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 403

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
The requested resource can't be found.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 404

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetMalwareProtectionPlan) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetMalwareProtectionPlan) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetMalwareProtectionPlan) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetMalwareProtectionPlan) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetMalwareProtectionPlan) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetMalwareProtectionPlan) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetMalwareProtectionPlan) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetMalwareProtectionPlan) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetMalwareProtectionPlan) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetMalwareProtectionPlan) 

# GetMalwareScan


Retrieves the detailed information for a specific malware scan. Each member account can view the malware scan details for their own account. An administrator can view malware scan details for all accounts in the organization.

There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).

## Request Syntax


```
GET /malware-scan/scanId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [scanId](#API_GetMalwareScan_RequestSyntax) **   <a name="guardduty-GetMalwareScan-request-uri-ScanId"></a>
A unique identifier that gets generated when you invoke the API without any error. Each malware scan has a corresponding scan ID. Using this scan ID, you can monitor the status of your malware scan.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "adminDetectorId": "string",
   "detectorId": "string",
   "failedResourcesCount": number,
   "resourceArn": "string",
   "resourceType": "string",
   "scanCategory": "string",
   "scanCompletedAt": number,
   "scanConfiguration": { 
      "incrementalScanDetails": { 
         "baselineResourceArn": "string"
      },
      "recoveryPoint": { 
         "backupVaultName": "string"
      },
      "role": "string",
      "triggerDetails": { 
         "description": "string",
         "guardDutyFindingId": "string",
         "triggerType": "string"
      }
   },
   "scanId": "string",
   "scannedResources": [ 
      { 
         "resourceDetails": { 
            "ebsSnapshot": { 
               "deviceName": "string"
            },
            "ebsVolume": { 
               "deviceName": "string",
               "encryptionType": "string",
               "kmsKeyArn": "string",
               "snapshotArn": "string",
               "volumeArn": "string",
               "volumeSizeInGB": number,
               "volumeType": "string"
            }
         },
         "scannedResourceArn": "string",
         "scannedResourceStatus": "string",
         "scannedResourceType": "string",
         "scanStatusReason": "string"
      }
   ],
   "scannedResourcesCount": number,
   "scanResultDetails": { 
      "failedFileCount": number,
      "scanResultStatus": "string",
      "skippedFileCount": number,
      "threatFoundFileCount": number,
      "threats": [ 
         { 
            "count": number,
            "hash": "string",
            "itemDetails": [ 
               { 
                  "additionalInfo": { 
                     "deviceName": "string",
                     "versionId": "string"
                  },
                  "hash": "string",
                  "itemPath": "string",
                  "resourceArn": "string"
               }
            ],
            "name": "string",
            "source": "string"
         }
      ],
      "totalBytes": number,
      "totalFileCount": number,
      "uniqueThreatCount": number
   },
   "scanStartedAt": number,
   "scanStatus": "string",
   "scanStatusReason": "string",
   "scanType": "string",
   "skippedResourcesCount": number
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [adminDetectorId](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-adminDetectorId"></a>
The unique detector ID of the administrator account that the request is associated with. If the account is an administrator, the `AdminDetectorId` will be the same as the one used for `DetectorId. If the customer is not a GuardDuty customer, this field will not be present.`.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.

 ** [detectorId](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-detectorId"></a>
The unique ID of the detector that is associated with the request, if it belongs to an account which is a GuardDuty customer.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.

 ** [failedResourcesCount](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-failedResourcesCount"></a>
The total number of resources that failed to be scanned.  
Type: Integer  
Valid Range: Minimum value of 0.

 ** [resourceArn](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-resourceArn"></a>
Amazon Resource Name (ARN) of the resource on which a malware scan was invoked.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 200.

 ** [resourceType](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-resourceType"></a>
The type of resource that was scanned for malware.  
Type: String  
Valid Values: `EBS_RECOVERY_POINT | EBS_SNAPSHOT | EBS_VOLUME | EC2_AMI | EC2_INSTANCE | EC2_RECOVERY_POINT | S3_RECOVERY_POINT | S3_BUCKET` 

 ** [scanCategory](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-scanCategory"></a>
The category of the malware scan, indicating the type of scan performed.  
Type: String  
Valid Values: `FULL_SCAN | INCREMENTAL_SCAN` 

 ** [scanCompletedAt](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-scanCompletedAt"></a>
The timestamp representing when the malware scan was completed.  
Type: Timestamp

 ** [scanConfiguration](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-scanConfiguration"></a>
Information about the scan configuration used for the malware scan.  
Type: [ScanConfiguration](API_ScanConfiguration.md) object

 ** [scanId](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-scanId"></a>
A unique identifier associated with the malware scan. Each malware scan has a corresponding scan ID. Using this scan ID, you can monitor the status of your malware scan.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 200.

 ** [scannedResources](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-scannedResources"></a>
A list of resources along with their metadata that were scanned as part of the malware scan operation.  
Type: Array of [ScannedResource](API_ScannedResource.md) objects

 ** [scannedResourcesCount](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-scannedResourcesCount"></a>
The total number of resources that were successfully scanned. This is dependent on the resource type.  
Type: Integer  
Valid Range: Minimum value of 0.

 ** [scanResultDetails](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-scanResultDetails"></a>
Detailed information about the results of the malware scan, if the scan completed.  
Type: [GetMalwareScanResultDetails](API_GetMalwareScanResultDetails.md) object

 ** [scanStartedAt](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-scanStartedAt"></a>
The timestamp representing when the malware scan was started.  
Type: Timestamp

 ** [scanStatus](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-scanStatus"></a>
A value representing the current status of the malware scan.  
Type: String  
Valid Values: `RUNNING | COMPLETED | COMPLETED_WITH_ISSUES | FAILED | SKIPPED` 

 ** [scanStatusReason](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-scanStatusReason"></a>
Represents the reason for the current scan status, if applicable.  
Type: String  
Valid Values: `ACCESS_DENIED | RESOURCE_NOT_FOUND | SNAPSHOT_SIZE_LIMIT_EXCEEDED | RESOURCE_UNAVAILABLE | INCONSISTENT_SOURCE | INCREMENTAL_NO_DIFFERENCE | NO_EBS_VOLUMES_FOUND | UNSUPPORTED_PRODUCT_CODE_TYPE | AMI_SNAPSHOT_LIMIT_EXCEEDED | UNRELATED_RESOURCES | BASE_RESOURCE_NOT_SCANNED | BASE_CREATED_AFTER_TARGET | UNSUPPORTED_FOR_INCREMENTAL | UNSUPPORTED_AMI | UNSUPPORTED_SNAPSHOT | UNSUPPORTED_COMPOSITE_RECOVERY_POINT | ALL_FILES_SKIPPED_OR_FAILED` 

 ** [scanType](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-scanType"></a>
A value representing the initiator of the scan.  
Type: String  
Valid Values: `BACKUP_INITIATED | ON_DEMAND | GUARDDUTY_INITIATED` 

 ** [skippedResourcesCount](#API_GetMalwareScan_ResponseSyntax) **   <a name="guardduty-GetMalwareScan-response-skippedResourcesCount"></a>
The total number of resources that were skipped during the scan.  
Type: Integer  
Valid Range: Minimum value of 0.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
The requested resource can't be found.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 404

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetMalwareScan) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetMalwareScan) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetMalwareScan) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetMalwareScan) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetMalwareScan) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetMalwareScan) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetMalwareScan) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetMalwareScan) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetMalwareScan) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetMalwareScan) 

# GetMalwareScanSettings


Returns the details of the malware scan settings.

There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).

## Request Syntax


```
GET /detector/detectorId/malware-scan-settings HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetMalwareScanSettings_RequestSyntax) **   <a name="guardduty-GetMalwareScanSettings-request-uri-DetectorId"></a>
The unique ID of the detector that is associated with this scan.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "ebsSnapshotPreservation": "string",
   "scanResourceCriteria": { 
      "exclude": { 
         "string" : { 
            "mapEquals": [ 
               { 
                  "key": "string",
                  "value": "string"
               }
            ]
         }
      },
      "include": { 
         "string" : { 
            "mapEquals": [ 
               { 
                  "key": "string",
                  "value": "string"
               }
            ]
         }
      }
   }
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [ebsSnapshotPreservation](#API_GetMalwareScanSettings_ResponseSyntax) **   <a name="guardduty-GetMalwareScanSettings-response-ebsSnapshotPreservation"></a>
An enum value representing possible snapshot preservation settings.  
Type: String  
Valid Values: `NO_RETENTION | RETENTION_WITH_FINDING` 

 ** [scanResourceCriteria](#API_GetMalwareScanSettings_ResponseSyntax) **   <a name="guardduty-GetMalwareScanSettings-response-scanResourceCriteria"></a>
Represents the criteria to be used in the filter for scanning resources.  
Type: [ScanResourceCriteria](API_ScanResourceCriteria.md) object

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetMalwareScanSettings) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetMalwareScanSettings) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetMalwareScanSettings) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetMalwareScanSettings) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetMalwareScanSettings) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetMalwareScanSettings) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetMalwareScanSettings) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetMalwareScanSettings) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetMalwareScanSettings) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetMalwareScanSettings) 

# GetMasterAccount


 *This action has been deprecated.* 

Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.

## Request Syntax


```
GET /detector/detectorId/master HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetMasterAccount_RequestSyntax) **   <a name="guardduty-GetMasterAccount-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty member account.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "master": { 
      "accountId": "string",
      "invitationId": "string",
      "invitedAt": "string",
      "relationshipStatus": "string"
   }
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [master](#API_GetMasterAccount_ResponseSyntax) **   <a name="guardduty-GetMasterAccount-response-master"></a>
The administrator account details.  
Type: [Master](API_Master.md) object

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetMasterAccount) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetMasterAccount) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetMasterAccount) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetMasterAccount) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetMasterAccount) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetMasterAccount) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetMasterAccount) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetMasterAccount) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetMasterAccount) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetMasterAccount) 

# GetMemberDetectors


Describes which data sources are enabled for the member account's detector.

There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).

## Request Syntax


```
POST /detector/detectorId/member/detector/get HTTP/1.1
Content-type: application/json

{
   "accountIds": [ "string" ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetMemberDetectors_RequestSyntax) **   <a name="guardduty-GetMemberDetectors-request-uri-DetectorId"></a>
The detector ID for the administrator account.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [accountIds](#API_GetMemberDetectors_RequestSyntax) **   <a name="guardduty-GetMemberDetectors-request-accountIds"></a>
A list of member account IDs.  
Type: Array of strings  
Array Members: Minimum number of 1 item. Maximum number of 50 items.  
Length Constraints: Fixed length of 12.  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "members": [ 
      { 
         "accountId": "string",
         "dataSources": { 
            "cloudTrail": { 
               "status": "string"
            },
            "dnsLogs": { 
               "status": "string"
            },
            "flowLogs": { 
               "status": "string"
            },
            "kubernetes": { 
               "auditLogs": { 
                  "status": "string"
               }
            },
            "malwareProtection": { 
               "scanEc2InstanceWithFindings": { 
                  "ebsVolumes": { 
                     "reason": "string",
                     "status": "string"
                  }
               },
               "serviceRole": "string"
            },
            "s3Logs": { 
               "status": "string"
            }
         },
         "features": [ 
            { 
               "additionalConfiguration": [ 
                  { 
                     "name": "string",
                     "status": "string",
                     "updatedAt": number
                  }
               ],
               "name": "string",
               "status": "string",
               "updatedAt": number
            }
         ]
      }
   ],
   "unprocessedAccounts": [ 
      { 
         "accountId": "string",
         "result": "string"
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [members](#API_GetMemberDetectors_ResponseSyntax) **   <a name="guardduty-GetMemberDetectors-response-members"></a>
An object that describes which data sources are enabled for a member account.  
Type: Array of [MemberDataSourceConfiguration](API_MemberDataSourceConfiguration.md) objects  
Array Members: Minimum number of 1 item. Maximum number of 50 items.

 ** [unprocessedAccounts](#API_GetMemberDetectors_ResponseSyntax) **   <a name="guardduty-GetMemberDetectors-response-unprocessedAccounts"></a>
A list of member account IDs that were unable to be processed along with an explanation for why they were not processed.  
Type: Array of [UnprocessedAccount](API_UnprocessedAccount.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetMemberDetectors) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetMemberDetectors) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetMemberDetectors) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetMemberDetectors) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetMemberDetectors) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetMemberDetectors) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetMemberDetectors) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetMemberDetectors) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetMemberDetectors) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetMemberDetectors) 

# GetMembers


Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.

## Request Syntax


```
POST /detector/detectorId/member/get HTTP/1.1
Content-type: application/json

{
   "accountIds": [ "string" ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetMembers_RequestSyntax) **   <a name="guardduty-GetMembers-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty account whose members you want to retrieve.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [accountIds](#API_GetMembers_RequestSyntax) **   <a name="guardduty-GetMembers-request-accountIds"></a>
A list of account IDs of the GuardDuty member accounts that you want to describe.  
Type: Array of strings  
Array Members: Minimum number of 1 item. Maximum number of 50 items.  
Length Constraints: Fixed length of 12.  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "members": [ 
      { 
         "accountId": "string",
         "administratorId": "string",
         "detectorId": "string",
         "email": "string",
         "invitedAt": "string",
         "masterId": "string",
         "relationshipStatus": "string",
         "updatedAt": "string"
      }
   ],
   "unprocessedAccounts": [ 
      { 
         "accountId": "string",
         "result": "string"
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [members](#API_GetMembers_ResponseSyntax) **   <a name="guardduty-GetMembers-response-members"></a>
A list of members.  
Type: Array of [Member](API_Member.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

 ** [unprocessedAccounts](#API_GetMembers_ResponseSyntax) **   <a name="guardduty-GetMembers-response-unprocessedAccounts"></a>
A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.  
Type: Array of [UnprocessedAccount](API_UnprocessedAccount.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetMembers) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetMembers) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetMembers) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetMembers) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetMembers) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetMembers) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetMembers) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetMembers) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetMembers) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetMembers) 

# GetOrganizationStatistics


Retrieves how many active member accounts have each feature enabled within GuardDuty. Only a delegated GuardDuty administrator of an organization can run this API.

When you create a new organization, it might take up to 24 hours to generate the statistics for the entire organization.

## Request Syntax


```
GET /organization/statistics HTTP/1.1
```

## URI Request Parameters


The request does not use any URI parameters.

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "organizationDetails": { 
      "organizationStatistics": { 
         "activeAccountsCount": number,
         "countByFeature": [ 
            { 
               "additionalConfiguration": [ 
                  { 
                     "enabledAccountsCount": number,
                     "name": "string"
                  }
               ],
               "enabledAccountsCount": number,
               "name": "string"
            }
         ],
         "enabledAccountsCount": number,
         "memberAccountsCount": number,
         "totalAccountsCount": number
      },
      "updatedAt": number
   }
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [organizationDetails](#API_GetOrganizationStatistics_ResponseSyntax) **   <a name="guardduty-GetOrganizationStatistics-response-organizationDetails"></a>
Information about the statistics report for your organization.  
Type: [OrganizationDetails](API_OrganizationDetails.md) object

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetOrganizationStatistics) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetOrganizationStatistics) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetOrganizationStatistics) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetOrganizationStatistics) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetOrganizationStatistics) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetOrganizationStatistics) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetOrganizationStatistics) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetOrganizationStatistics) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetOrganizationStatistics) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetOrganizationStatistics) 

# GetRemainingFreeTrialDays


Provides the number of days left for each data source used in the free trial period.

## Request Syntax


```
POST /detector/detectorId/freeTrial/daysRemaining HTTP/1.1
Content-type: application/json

{
   "accountIds": [ "string" ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetRemainingFreeTrialDays_RequestSyntax) **   <a name="guardduty-GetRemainingFreeTrialDays-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty member account.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [accountIds](#API_GetRemainingFreeTrialDays_RequestSyntax) **   <a name="guardduty-GetRemainingFreeTrialDays-request-accountIds"></a>
A list of account identifiers of the GuardDuty member account.  
Type: Array of strings  
Array Members: Minimum number of 1 item. Maximum number of 50 items.  
Length Constraints: Fixed length of 12.  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "accounts": [ 
      { 
         "accountId": "string",
         "dataSources": { 
            "cloudTrail": { 
               "freeTrialDaysRemaining": number
            },
            "dnsLogs": { 
               "freeTrialDaysRemaining": number
            },
            "flowLogs": { 
               "freeTrialDaysRemaining": number
            },
            "kubernetes": { 
               "auditLogs": { 
                  "freeTrialDaysRemaining": number
               }
            },
            "malwareProtection": { 
               "scanEc2InstanceWithFindings": { 
                  "freeTrialDaysRemaining": number
               }
            },
            "s3Logs": { 
               "freeTrialDaysRemaining": number
            }
         },
         "features": [ 
            { 
               "freeTrialDaysRemaining": number,
               "name": "string"
            }
         ]
      }
   ],
   "unprocessedAccounts": [ 
      { 
         "accountId": "string",
         "result": "string"
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [accounts](#API_GetRemainingFreeTrialDays_ResponseSyntax) **   <a name="guardduty-GetRemainingFreeTrialDays-response-accounts"></a>
The member accounts which were included in a request and were processed successfully.  
Type: Array of [AccountFreeTrialInfo](API_AccountFreeTrialInfo.md) objects

 ** [unprocessedAccounts](#API_GetRemainingFreeTrialDays_ResponseSyntax) **   <a name="guardduty-GetRemainingFreeTrialDays-response-unprocessedAccounts"></a>
The member account that was included in a request but for which the request could not be processed.  
Type: Array of [UnprocessedAccount](API_UnprocessedAccount.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetRemainingFreeTrialDays) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetRemainingFreeTrialDays) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetRemainingFreeTrialDays) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetRemainingFreeTrialDays) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetRemainingFreeTrialDays) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetRemainingFreeTrialDays) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetRemainingFreeTrialDays) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetRemainingFreeTrialDays) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetRemainingFreeTrialDays) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetRemainingFreeTrialDays) 

# GetThreatEntitySet


Retrieves the threat entity set associated with the specified `threatEntitySetId`.

## Request Syntax


```
GET /detector/detectorId/threatentityset/threatEntitySetId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetThreatEntitySet_RequestSyntax) **   <a name="guardduty-GetThreatEntitySet-request-uri-DetectorId"></a>
The unique ID of the detector associated with the threat entity set resource.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [threatEntitySetId](#API_GetThreatEntitySet_RequestSyntax) **   <a name="guardduty-GetThreatEntitySet-request-uri-ThreatEntitySetId"></a>
The unique ID that helps GuardDuty identify the threat entity set.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "createdAt": number,
   "errorDetails": "string",
   "expectedBucketOwner": "string",
   "format": "string",
   "location": "string",
   "name": "string",
   "status": "string",
   "tags": { 
      "string" : "string" 
   },
   "updatedAt": number
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [createdAt](#API_GetThreatEntitySet_ResponseSyntax) **   <a name="guardduty-GetThreatEntitySet-response-createdAt"></a>
The timestamp when the associated threat entity set was created.  
Type: Timestamp

 ** [errorDetails](#API_GetThreatEntitySet_ResponseSyntax) **   <a name="guardduty-GetThreatEntitySet-response-errorDetails"></a>
The error details when the status is shown as `ERROR`.  
Type: String

 ** [expectedBucketOwner](#API_GetThreatEntitySet_ResponseSyntax) **   <a name="guardduty-GetThreatEntitySet-response-expectedBucketOwner"></a>
The AWS account ID that owns the Amazon S3 bucket specified in the **location** parameter.  
Type: String  
Length Constraints: Fixed length of 12.  
Pattern: `^[0-9]+$` 

 ** [format](#API_GetThreatEntitySet_ResponseSyntax) **   <a name="guardduty-GetThreatEntitySet-response-format"></a>
The format of the file that contains the threat entity set.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE` 

 ** [location](#API_GetThreatEntitySet_ResponseSyntax) **   <a name="guardduty-GetThreatEntitySet-response-location"></a>
The URI of the file that contains the threat entity set.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.

 ** [name](#API_GetThreatEntitySet_ResponseSyntax) **   <a name="guardduty-GetThreatEntitySet-response-name"></a>
The name of the threat entity set associated with the specified `threatEntitySetId`.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.

 ** [status](#API_GetThreatEntitySet_ResponseSyntax) **   <a name="guardduty-GetThreatEntitySet-response-status"></a>
The status of the associated threat entity set.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `INACTIVE | ACTIVATING | ACTIVE | DEACTIVATING | ERROR | DELETE_PENDING | DELETED` 

 ** [tags](#API_GetThreatEntitySet_ResponseSyntax) **   <a name="guardduty-GetThreatEntitySet-response-tags"></a>
The tags associated with the threat entity set resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.

 ** [updatedAt](#API_GetThreatEntitySet_ResponseSyntax) **   <a name="guardduty-GetThreatEntitySet-response-updatedAt"></a>
The timestamp when the associated threat entity set was updated.  
Type: Timestamp

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetThreatEntitySet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetThreatEntitySet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetThreatEntitySet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetThreatEntitySet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetThreatEntitySet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetThreatEntitySet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetThreatEntitySet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetThreatEntitySet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetThreatEntitySet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetThreatEntitySet) 

# GetThreatIntelSet


Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.

## Request Syntax


```
GET /detector/detectorId/threatintelset/threatIntelSetId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetThreatIntelSet_RequestSyntax) **   <a name="guardduty-GetThreatIntelSet-request-uri-DetectorId"></a>
The unique ID of the detector that is associated with the threatIntelSet.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [threatIntelSetId](#API_GetThreatIntelSet_RequestSyntax) **   <a name="guardduty-GetThreatIntelSet-request-uri-ThreatIntelSetId"></a>
The unique ID of the threatIntelSet that you want to get.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "expectedBucketOwner": "string",
   "format": "string",
   "location": "string",
   "name": "string",
   "status": "string",
   "tags": { 
      "string" : "string" 
   }
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [expectedBucketOwner](#API_GetThreatIntelSet_ResponseSyntax) **   <a name="guardduty-GetThreatIntelSet-response-expectedBucketOwner"></a>
The AWS account ID that owns the Amazon S3 bucket specified in the **location** parameter. This field appears in the response only if it was provided during ThreatIntelSet creation or update.  
Type: String  
Length Constraints: Fixed length of 12.

 ** [format](#API_GetThreatIntelSet_ResponseSyntax) **   <a name="guardduty-GetThreatIntelSet-response-format"></a>
The format of the threatIntelSet.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE` 

 ** [location](#API_GetThreatIntelSet_ResponseSyntax) **   <a name="guardduty-GetThreatIntelSet-response-location"></a>
The URI of the file that contains the ThreatIntelSet.   
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.

 ** [name](#API_GetThreatIntelSet_ResponseSyntax) **   <a name="guardduty-GetThreatIntelSet-response-name"></a>
A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.

 ** [status](#API_GetThreatIntelSet_ResponseSyntax) **   <a name="guardduty-GetThreatIntelSet-response-status"></a>
The status of threatIntelSet file uploaded.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `INACTIVE | ACTIVATING | ACTIVE | DEACTIVATING | ERROR | DELETE_PENDING | DELETED` 

 ** [tags](#API_GetThreatIntelSet_ResponseSyntax) **   <a name="guardduty-GetThreatIntelSet-response-tags"></a>
The tags of the threat list resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetThreatIntelSet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetThreatIntelSet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetThreatIntelSet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetThreatIntelSet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetThreatIntelSet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetThreatIntelSet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetThreatIntelSet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetThreatIntelSet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetThreatIntelSet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetThreatIntelSet) 

# GetTrustedEntitySet


Retrieves the trusted entity set associated with the specified `trustedEntitySetId`.

## Request Syntax


```
GET /detector/detectorId/trustedentityset/trustedEntitySetId HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetTrustedEntitySet_RequestSyntax) **   <a name="guardduty-GetTrustedEntitySet-request-uri-DetectorId"></a>
The unique ID of the GuardDuty detector associated with this trusted entity set.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [trustedEntitySetId](#API_GetTrustedEntitySet_RequestSyntax) **   <a name="guardduty-GetTrustedEntitySet-request-uri-TrustedEntitySetId"></a>
The unique ID that helps GuardDuty identify the trusted entity set.  
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "createdAt": number,
   "errorDetails": "string",
   "expectedBucketOwner": "string",
   "format": "string",
   "location": "string",
   "name": "string",
   "status": "string",
   "tags": { 
      "string" : "string" 
   },
   "updatedAt": number
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [createdAt](#API_GetTrustedEntitySet_ResponseSyntax) **   <a name="guardduty-GetTrustedEntitySet-response-createdAt"></a>
The timestamp when the associated trusted entity set was created.  
Type: Timestamp

 ** [errorDetails](#API_GetTrustedEntitySet_ResponseSyntax) **   <a name="guardduty-GetTrustedEntitySet-response-errorDetails"></a>
The error details when the status is shown as `ERROR`.  
Type: String

 ** [expectedBucketOwner](#API_GetTrustedEntitySet_ResponseSyntax) **   <a name="guardduty-GetTrustedEntitySet-response-expectedBucketOwner"></a>
The AWS account ID that owns the Amazon S3 bucket specified in the **location** parameter.  
Type: String  
Length Constraints: Fixed length of 12.  
Pattern: `^[0-9]+$` 

 ** [format](#API_GetTrustedEntitySet_ResponseSyntax) **   <a name="guardduty-GetTrustedEntitySet-response-format"></a>
The format of the file that contains the trusted entity set.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE` 

 ** [location](#API_GetTrustedEntitySet_ResponseSyntax) **   <a name="guardduty-GetTrustedEntitySet-response-location"></a>
The URI of the file that contains the trusted entity set.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.

 ** [name](#API_GetTrustedEntitySet_ResponseSyntax) **   <a name="guardduty-GetTrustedEntitySet-response-name"></a>
The name of the threat entity set associated with the specified `trustedEntitySetId`.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.

 ** [status](#API_GetTrustedEntitySet_ResponseSyntax) **   <a name="guardduty-GetTrustedEntitySet-response-status"></a>
The status of the associated trusted entity set.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `INACTIVE | ACTIVATING | ACTIVE | DEACTIVATING | ERROR | DELETE_PENDING | DELETED` 

 ** [tags](#API_GetTrustedEntitySet_ResponseSyntax) **   <a name="guardduty-GetTrustedEntitySet-response-tags"></a>
The tags associated with trusted entity set resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.

 ** [updatedAt](#API_GetTrustedEntitySet_ResponseSyntax) **   <a name="guardduty-GetTrustedEntitySet-response-updatedAt"></a>
The timestamp when the associated trusted entity set was updated.  
Type: Timestamp

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetTrustedEntitySet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetTrustedEntitySet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetTrustedEntitySet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetTrustedEntitySet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetTrustedEntitySet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetTrustedEntitySet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetTrustedEntitySet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetTrustedEntitySet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetTrustedEntitySet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetTrustedEntitySet) 

# GetUsageStatistics


Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned will include only the usage so far under 30 days. This may differ from the cost metrics in the console, which project usage over 30 days to provide a monthly cost estimate. For more information, see [Understanding How Usage Costs are Calculated](https://docs.aws.amazon.com/guardduty/latest/ug/monitoring_costs.html#usage-calculations).

## Request Syntax


```
POST /detector/detectorId/usage/statistics HTTP/1.1
Content-type: application/json

{
   "maxResults": number,
   "nextToken": "string",
   "unit": "string",
   "usageCriteria": { 
      "accountIds": [ "string" ],
      "dataSources": [ "string" ],
      "features": [ "string" ],
      "resources": [ "string" ]
   },
   "usageStatisticsType": "string"
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_GetUsageStatistics_RequestSyntax) **   <a name="guardduty-GetUsageStatistics-request-uri-DetectorId"></a>
The ID of the detector that specifies the GuardDuty service whose usage statistics you want to retrieve.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [maxResults](#API_GetUsageStatistics_RequestSyntax) **   <a name="guardduty-GetUsageStatistics-request-maxResults"></a>
The maximum number of results to return in the response.  
Type: Integer  
Valid Range: Minimum value of 1. Maximum value of 50.  
Required: No

 ** [nextToken](#API_GetUsageStatistics_RequestSyntax) **   <a name="guardduty-GetUsageStatistics-request-nextToken"></a>
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.  
Type: String  
Required: No

 ** [unit](#API_GetUsageStatistics_RequestSyntax) **   <a name="guardduty-GetUsageStatistics-request-unit"></a>
The currency unit you would like to view your usage statistics in. Current valid values are USD.  
Type: String  
Required: No

 ** [usageCriteria](#API_GetUsageStatistics_RequestSyntax) **   <a name="guardduty-GetUsageStatistics-request-usageCriteria"></a>
Represents the criteria used for querying usage.  
Type: [UsageCriteria](API_UsageCriteria.md) object  
Required: Yes

 ** [usageStatisticsType](#API_GetUsageStatistics_RequestSyntax) **   <a name="guardduty-GetUsageStatistics-request-usageStatisticsType"></a>
The type of usage statistics to retrieve.  
Type: String  
Valid Values: `SUM_BY_ACCOUNT | SUM_BY_DATA_SOURCE | SUM_BY_RESOURCE | TOP_RESOURCES | SUM_BY_FEATURES | TOP_ACCOUNTS_BY_FEATURE`   
Required: Yes

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "nextToken": "string",
   "usageStatistics": { 
      "sumByAccount": [ 
         { 
            "accountId": "string",
            "total": { 
               "amount": "string",
               "unit": "string"
            }
         }
      ],
      "sumByDataSource": [ 
         { 
            "dataSource": "string",
            "total": { 
               "amount": "string",
               "unit": "string"
            }
         }
      ],
      "sumByFeature": [ 
         { 
            "feature": "string",
            "total": { 
               "amount": "string",
               "unit": "string"
            }
         }
      ],
      "sumByResource": [ 
         { 
            "resource": "string",
            "total": { 
               "amount": "string",
               "unit": "string"
            }
         }
      ],
      "topAccountsByFeature": [ 
         { 
            "accounts": [ 
               { 
                  "accountId": "string",
                  "total": { 
                     "amount": "string",
                     "unit": "string"
                  }
               }
            ],
            "feature": "string"
         }
      ],
      "topResources": [ 
         { 
            "resource": "string",
            "total": { 
               "amount": "string",
               "unit": "string"
            }
         }
      ]
   }
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [nextToken](#API_GetUsageStatistics_ResponseSyntax) **   <a name="guardduty-GetUsageStatistics-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
Type: String

 ** [usageStatistics](#API_GetUsageStatistics_ResponseSyntax) **   <a name="guardduty-GetUsageStatistics-response-usageStatistics"></a>
The usage statistics object. If a UsageStatisticType was provided, the objects representing other types will be null.  
Type: [UsageStatistics](API_UsageStatistics.md) object

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/GetUsageStatistics) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/GetUsageStatistics) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/GetUsageStatistics) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/GetUsageStatistics) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/GetUsageStatistics) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/GetUsageStatistics) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/GetUsageStatistics) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/GetUsageStatistics) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/GetUsageStatistics) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/GetUsageStatistics) 

# InviteMembers


Invites AWS accounts to become members of an organization administered by the AWS account that invokes this API. If you are using AWS Organizations to manage your GuardDuty environment, this step is not needed. For more information, see [Managing accounts with organizations](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html).

To invite AWS accounts, the first step is to ensure that GuardDuty has been enabled in the potential member accounts. You can now invoke this API to add accounts by invitation. The invited accounts can either accept or decline the invitation from their GuardDuty accounts. Each invited AWS account can choose to accept the invitation from only one AWS account. For more information, see [Managing GuardDuty accounts by invitation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_invitations.html).

After the invite has been accepted and you choose to disassociate a member account (by using [DisassociateMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DisassociateMembers.html)) from your account, the details of the member account obtained by invoking [CreateMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html), including the associated email addresses, will be retained. This is done so that you can invoke InviteMembers without the need to invoke [CreateMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html) again. To remove the details associated with a member account, you must also invoke [DeleteMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html). 

If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the [InviteMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html) API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the [DeleteMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html) API. 

When the member accounts added through AWS Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.

## Request Syntax


```
POST /detector/detectorId/member/invite HTTP/1.1
Content-type: application/json

{
   "accountIds": [ "string" ],
   "disableEmailNotification": boolean,
   "message": "string"
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_InviteMembers_RequestSyntax) **   <a name="guardduty-InviteMembers-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty account with which you want to invite members.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [accountIds](#API_InviteMembers_RequestSyntax) **   <a name="guardduty-InviteMembers-request-accountIds"></a>
A list of account IDs of the accounts that you want to invite to GuardDuty as members.  
Type: Array of strings  
Array Members: Minimum number of 1 item. Maximum number of 50 items.  
Length Constraints: Fixed length of 12.  
Required: Yes

 ** [disableEmailNotification](#API_InviteMembers_RequestSyntax) **   <a name="guardduty-InviteMembers-request-disableEmailNotification"></a>
A Boolean value that specifies whether you want to disable email notification to the accounts that you are inviting to GuardDuty as members.  
Type: Boolean  
Required: No

 ** [message](#API_InviteMembers_RequestSyntax) **   <a name="guardduty-InviteMembers-request-message"></a>
The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.  
Type: String  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "unprocessedAccounts": [ 
      { 
         "accountId": "string",
         "result": "string"
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [unprocessedAccounts](#API_InviteMembers_ResponseSyntax) **   <a name="guardduty-InviteMembers-response-unprocessedAccounts"></a>
A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.  
Type: Array of [UnprocessedAccount](API_UnprocessedAccount.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/InviteMembers) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/InviteMembers) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/InviteMembers) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/InviteMembers) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/InviteMembers) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/InviteMembers) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/InviteMembers) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/InviteMembers) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/InviteMembers) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/InviteMembers) 

# ListCoverage


Lists coverage details for your GuardDuty account. If you're a GuardDuty administrator, you can retrieve all resources associated with the active member accounts in your organization.

Make sure the accounts have Runtime Monitoring enabled and GuardDuty agent running on their resources.

## Request Syntax


```
POST /detector/detectorId/coverage HTTP/1.1
Content-type: application/json

{
   "filterCriteria": { 
      "filterCriterion": [ 
         { 
            "criterionKey": "string",
            "filterCondition": { 
               "equals": [ "string" ],
               "notEquals": [ "string" ]
            }
         }
      ]
   },
   "maxResults": number,
   "nextToken": "string",
   "sortCriteria": { 
      "attributeName": "string",
      "orderBy": "string"
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_ListCoverage_RequestSyntax) **   <a name="guardduty-ListCoverage-request-uri-DetectorId"></a>
The unique ID of the detector whose coverage details you want to retrieve.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [filterCriteria](#API_ListCoverage_RequestSyntax) **   <a name="guardduty-ListCoverage-request-filterCriteria"></a>
Represents the criteria used to filter the coverage details.  
Type: [CoverageFilterCriteria](API_CoverageFilterCriteria.md) object  
Required: No

 ** [maxResults](#API_ListCoverage_RequestSyntax) **   <a name="guardduty-ListCoverage-request-maxResults"></a>
The maximum number of results to return in the response.  
Type: Integer  
Valid Range: Minimum value of 1. Maximum value of 50.  
Required: No

 ** [nextToken](#API_ListCoverage_RequestSyntax) **   <a name="guardduty-ListCoverage-request-nextToken"></a>
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.  
Type: String  
Required: No

 ** [sortCriteria](#API_ListCoverage_RequestSyntax) **   <a name="guardduty-ListCoverage-request-sortCriteria"></a>
Represents the criteria used to sort the coverage details.  
Type: [CoverageSortCriteria](API_CoverageSortCriteria.md) object  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "nextToken": "string",
   "resources": [ 
      { 
         "accountId": "string",
         "coverageStatus": "string",
         "detectorId": "string",
         "issue": "string",
         "resourceDetails": { 
            "ec2InstanceDetails": { 
               "agentDetails": { 
                  "version": "string"
               },
               "clusterArn": "string",
               "instanceId": "string",
               "instanceType": "string",
               "managementType": "string"
            },
            "ecsClusterDetails": { 
               "clusterName": "string",
               "containerInstanceDetails": { 
                  "compatibleContainerInstances": number,
                  "coveredContainerInstances": number
               },
               "fargateDetails": { 
                  "issues": [ "string" ],
                  "managementType": "string"
               }
            },
            "eksClusterDetails": { 
               "addonDetails": { 
                  "addonStatus": "string",
                  "addonVersion": "string"
               },
               "clusterName": "string",
               "compatibleNodes": number,
               "coveredNodes": number,
               "managementType": "string"
            },
            "resourceType": "string"
         },
         "resourceId": "string",
         "updatedAt": number
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [nextToken](#API_ListCoverage_ResponseSyntax) **   <a name="guardduty-ListCoverage-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
Type: String

 ** [resources](#API_ListCoverage_ResponseSyntax) **   <a name="guardduty-ListCoverage-response-resources"></a>
A list of resources and their attributes providing cluster details.  
Type: Array of [CoverageResource](API_CoverageResource.md) objects

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListCoverage) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListCoverage) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListCoverage) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListCoverage) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListCoverage) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListCoverage) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListCoverage) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListCoverage) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListCoverage) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListCoverage) 

# ListDetectors


Lists detectorIds of all the existing Amazon GuardDuty detector resources.

## Request Syntax


```
GET /detector?maxResults=MaxResults&nextToken=NextToken HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [MaxResults](#API_ListDetectors_RequestSyntax) **   <a name="guardduty-ListDetectors-request-uri-MaxResults"></a>
You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.  
Valid Range: Minimum value of 1. Maximum value of 50.

 ** [NextToken](#API_ListDetectors_RequestSyntax) **   <a name="guardduty-ListDetectors-request-uri-NextToken"></a>
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "detectorIds": [ "string" ],
   "nextToken": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [detectorIds](#API_ListDetectors_ResponseSyntax) **   <a name="guardduty-ListDetectors-response-detectorIds"></a>
A list of detector IDs.  
Type: Array of strings  
Array Members: Minimum number of 0 items. Maximum number of 50 items.  
Length Constraints: Minimum length of 1. Maximum length of 300.

 ** [nextToken](#API_ListDetectors_ResponseSyntax) **   <a name="guardduty-ListDetectors-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListDetectors) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListDetectors) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListDetectors) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListDetectors) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListDetectors) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListDetectors) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListDetectors) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListDetectors) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListDetectors) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListDetectors) 

# ListFilters


Returns a paginated list of the current filters.

## Request Syntax


```
GET /detector/detectorId/filter?maxResults=MaxResults&nextToken=NextToken HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_ListFilters_RequestSyntax) **   <a name="guardduty-ListFilters-request-uri-DetectorId"></a>
The unique ID of the detector that is associated with the filter.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [MaxResults](#API_ListFilters_RequestSyntax) **   <a name="guardduty-ListFilters-request-uri-MaxResults"></a>
You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.  
Valid Range: Minimum value of 1. Maximum value of 50.

 ** [NextToken](#API_ListFilters_RequestSyntax) **   <a name="guardduty-ListFilters-request-uri-NextToken"></a>
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "filterNames": [ "string" ],
   "nextToken": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [filterNames](#API_ListFilters_ResponseSyntax) **   <a name="guardduty-ListFilters-response-filterNames"></a>
A list of filter names.  
Type: Array of strings  
Array Members: Minimum number of 0 items. Maximum number of 50 items.  
Length Constraints: Minimum length of 3. Maximum length of 64.

 ** [nextToken](#API_ListFilters_ResponseSyntax) **   <a name="guardduty-ListFilters-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListFilters) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListFilters) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListFilters) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListFilters) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListFilters) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListFilters) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListFilters) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListFilters) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListFilters) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListFilters) 

# ListFindings


Lists GuardDuty findings for the specified detector ID.

There might be regional differences because some flags might not be available in all the Regions where GuardDuty is currently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).

## Request Syntax


```
POST /detector/detectorId/findings HTTP/1.1
Content-type: application/json

{
   "findingCriteria": { 
      "criterion": { 
         "string" : { 
            "eq": [ "string" ],
            "equals": [ "string" ],
            "greaterThan": number,
            "greaterThanOrEqual": number,
            "gt": number,
            "gte": number,
            "lessThan": number,
            "lessThanOrEqual": number,
            "lt": number,
            "lte": number,
            "matches": [ "string" ],
            "neq": [ "string" ],
            "notEquals": [ "string" ],
            "notMatches": [ "string" ]
         }
      }
   },
   "maxResults": number,
   "nextToken": "string",
   "sortCriteria": { 
      "attributeName": "string",
      "orderBy": "string"
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_ListFindings_RequestSyntax) **   <a name="guardduty-ListFindings-request-uri-DetectorId"></a>
The ID of the detector that specifies the GuardDuty service whose findings you want to list.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [findingCriteria](#API_ListFindings_RequestSyntax) **   <a name="guardduty-ListFindings-request-findingCriteria"></a>
Represents the criteria used for querying findings. Valid values include:  
+ JSON field name
+ accountId
+ region
+ confidence
+ id
+ resource.accessKeyDetails.accessKeyId
+ resource.accessKeyDetails.principalId
+ resource.accessKeyDetails.userName
+ resource.accessKeyDetails.userType
+ resource.instanceDetails.iamInstanceProfile.id
+ resource.instanceDetails.imageId
+ resource.instanceDetails.instanceId
+ resource.instanceDetails.networkInterfaces.ipv6Addresses
+ resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
+ resource.instanceDetails.networkInterfaces.publicDnsName
+ resource.instanceDetails.networkInterfaces.publicIp
+ resource.instanceDetails.networkInterfaces.securityGroups.groupId
+ resource.instanceDetails.networkInterfaces.securityGroups.groupName
+ resource.instanceDetails.networkInterfaces.subnetId
+ resource.instanceDetails.networkInterfaces.vpcId
+ resource.instanceDetails.tags.key
+ resource.instanceDetails.tags.value
+ resource.resourceType
+ service.action.actionType
+ service.action.awsApiCallAction.api
+ service.action.awsApiCallAction.callerType
+ service.action.awsApiCallAction.remoteIpDetails.city.cityName
+ service.action.awsApiCallAction.remoteIpDetails.country.countryName
+ service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
+ service.action.awsApiCallAction.remoteIpDetails.organization.asn
+ service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
+ service.action.awsApiCallAction.serviceName
+ service.action.dnsRequestAction.domain
+ service.action.dnsRequestAction.domainWithSuffix
+ service.action.networkConnectionAction.blocked
+ service.action.networkConnectionAction.connectionDirection
+ service.action.networkConnectionAction.localPortDetails.port
+ service.action.networkConnectionAction.protocol
+ service.action.networkConnectionAction.remoteIpDetails.country.countryName
+ service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
+ service.action.networkConnectionAction.remoteIpDetails.organization.asn
+ service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
+ service.action.networkConnectionAction.remotePortDetails.port
+ service.additionalInfo.threatListName
+ service.archived

  When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.
+ service.ebsVolumeScanDetails.scanId
+ service.resourceRole
+ severity
+ type
+ updatedAt

  Type: Timestamp in Unix Epoch millisecond format: 1486685375000
Type: [FindingCriteria](API_FindingCriteria.md) object  
Required: No

 ** [maxResults](#API_ListFindings_RequestSyntax) **   <a name="guardduty-ListFindings-request-maxResults"></a>
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.  
Type: Integer  
Valid Range: Minimum value of 1. Maximum value of 50.  
Required: No

 ** [nextToken](#API_ListFindings_RequestSyntax) **   <a name="guardduty-ListFindings-request-nextToken"></a>
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.  
Type: String  
Required: No

 ** [sortCriteria](#API_ListFindings_RequestSyntax) **   <a name="guardduty-ListFindings-request-sortCriteria"></a>
Represents the criteria used for sorting findings.  
Type: [SortCriteria](API_SortCriteria.md) object  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "findingIds": [ "string" ],
   "nextToken": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [findingIds](#API_ListFindings_ResponseSyntax) **   <a name="guardduty-ListFindings-response-findingIds"></a>
The IDs of the findings that you're listing.  
Type: Array of strings  
Array Members: Minimum number of 0 items. Maximum number of 50 items.  
Length Constraints: Minimum length of 1. Maximum length of 300.

 ** [nextToken](#API_ListFindings_ResponseSyntax) **   <a name="guardduty-ListFindings-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListFindings) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListFindings) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListFindings) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListFindings) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListFindings) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListFindings) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListFindings) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListFindings) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListFindings) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListFindings) 

# ListInvitations


Lists all GuardDuty membership invitations that were sent to the current AWS account.

## Request Syntax


```
GET /invitation?maxResults=MaxResults&nextToken=NextToken HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [MaxResults](#API_ListInvitations_RequestSyntax) **   <a name="guardduty-ListInvitations-request-uri-MaxResults"></a>
You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.  
Valid Range: Minimum value of 1. Maximum value of 50.

 ** [NextToken](#API_ListInvitations_RequestSyntax) **   <a name="guardduty-ListInvitations-request-uri-NextToken"></a>
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "invitations": [ 
      { 
         "accountId": "string",
         "invitationId": "string",
         "invitedAt": "string",
         "relationshipStatus": "string"
      }
   ],
   "nextToken": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [invitations](#API_ListInvitations_ResponseSyntax) **   <a name="guardduty-ListInvitations-response-invitations"></a>
A list of invitation descriptions.  
Type: Array of [Invitation](API_Invitation.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

 ** [nextToken](#API_ListInvitations_ResponseSyntax) **   <a name="guardduty-ListInvitations-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListInvitations) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListInvitations) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListInvitations) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListInvitations) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListInvitations) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListInvitations) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListInvitations) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListInvitations) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListInvitations) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListInvitations) 

# ListIPSets


Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account.

## Request Syntax


```
GET /detector/detectorId/ipset?maxResults=MaxResults&nextToken=NextToken HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_ListIPSets_RequestSyntax) **   <a name="guardduty-ListIPSets-request-uri-DetectorId"></a>
The unique ID of the detector that is associated with IPSet.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [MaxResults](#API_ListIPSets_RequestSyntax) **   <a name="guardduty-ListIPSets-request-uri-MaxResults"></a>
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.  
Valid Range: Minimum value of 1. Maximum value of 50.

 ** [NextToken](#API_ListIPSets_RequestSyntax) **   <a name="guardduty-ListIPSets-request-uri-NextToken"></a>
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "ipSetIds": [ "string" ],
   "nextToken": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [ipSetIds](#API_ListIPSets_ResponseSyntax) **   <a name="guardduty-ListIPSets-response-ipSetIds"></a>
The IDs of the IPSet resources.  
Type: Array of strings  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

 ** [nextToken](#API_ListIPSets_ResponseSyntax) **   <a name="guardduty-ListIPSets-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListIPSets) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListIPSets) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListIPSets) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListIPSets) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListIPSets) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListIPSets) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListIPSets) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListIPSets) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListIPSets) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListIPSets) 

# ListMalwareProtectionPlans


Lists the Malware Protection plan IDs associated with the protected resources in your AWS account.

## Request Syntax


```
GET /malware-protection-plan?nextToken=NextToken HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [NextToken](#API_ListMalwareProtectionPlans_RequestSyntax) **   <a name="guardduty-ListMalwareProtectionPlans-request-uri-NextToken"></a>
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of `NextToken` from the previous response to continue listing data. The default page size is 100 plans.

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "malwareProtectionPlans": [ 
      { 
         "malwareProtectionPlanId": "string"
      }
   ],
   "nextToken": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [malwareProtectionPlans](#API_ListMalwareProtectionPlans_ResponseSyntax) **   <a name="guardduty-ListMalwareProtectionPlans-response-malwareProtectionPlans"></a>
A list of unique identifiers associated with each Malware Protection plan.  
Type: Array of [MalwareProtectionPlanSummary](API_MalwareProtectionPlanSummary.md) objects

 ** [nextToken](#API_ListMalwareProtectionPlans_ResponseSyntax) **   <a name="guardduty-ListMalwareProtectionPlans-response-nextToken"></a>
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of `NextToken` from the previous response to continue listing data.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
An access denied exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 403

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListMalwareProtectionPlans) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListMalwareProtectionPlans) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListMalwareProtectionPlans) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListMalwareProtectionPlans) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListMalwareProtectionPlans) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListMalwareProtectionPlans) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListMalwareProtectionPlans) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListMalwareProtectionPlans) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListMalwareProtectionPlans) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListMalwareProtectionPlans) 

# ListMalwareScans


Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all of its members' accounts.

## Request Syntax


```
POST /malware-scan?maxResults=MaxResults&nextToken=NextToken HTTP/1.1
Content-type: application/json

{
   "filterCriteria": { 
      "filterCriterion": [ 
         { 
            "filterCondition": { 
               "equalsValue": "string",
               "greaterThan": number,
               "lessThan": number
            },
            "criterionKey": "string"
         }
      ]
   },
   "sortCriteria": { 
      "attributeName": "string",
      "orderBy": "string"
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [MaxResults](#API_ListMalwareScans_RequestSyntax) **   <a name="guardduty-ListMalwareScans-request-uri-MaxResults"></a>
You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.  
Valid Range: Minimum value of 1. Maximum value of 50.

 ** [NextToken](#API_ListMalwareScans_RequestSyntax) **   <a name="guardduty-ListMalwareScans-request-uri-NextToken"></a>
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing results.

## Request Body


The request accepts the following data in JSON format.

 ** [filterCriteria](#API_ListMalwareScans_RequestSyntax) **   <a name="guardduty-ListMalwareScans-request-filterCriteria"></a>
Represents the criteria used to filter the malware scan entries.  
Type: [ListMalwareScansFilterCriteria](API_ListMalwareScansFilterCriteria.md) object  
Required: No

 ** [sortCriteria](#API_ListMalwareScans_RequestSyntax) **   <a name="guardduty-ListMalwareScans-request-sortCriteria"></a>
Represents the criteria used for sorting malware scan entries.  
Type: [SortCriteria](API_SortCriteria.md) object  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "nextToken": "string",
   "scans": [ 
      { 
         "resourceArn": "string",
         "resourceType": "string",
         "scanCompletedAt": number,
         "scanId": "string",
         "scanResultStatus": "string",
         "scanStartedAt": number,
         "scanStatus": "string",
         "scanType": "string"
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [nextToken](#API_ListMalwareScans_ResponseSyntax) **   <a name="guardduty-ListMalwareScans-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more scans.  
Type: String

 ** [scans](#API_ListMalwareScans_ResponseSyntax) **   <a name="guardduty-ListMalwareScans-response-scans"></a>
The list of malware scans associated with the provided input parameters.  
Type: Array of [MalwareScan](API_MalwareScan.md) objects

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListMalwareScans) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListMalwareScans) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListMalwareScans) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListMalwareScans) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListMalwareScans) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListMalwareScans) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListMalwareScans) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListMalwareScans) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListMalwareScans) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListMalwareScans) 

# ListMembers


Lists details about all member accounts for the current GuardDuty administrator account.

## Request Syntax


```
GET /detector/detectorId/member?maxResults=MaxResults&nextToken=NextToken&onlyAssociated=OnlyAssociated HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_ListMembers_RequestSyntax) **   <a name="guardduty-ListMembers-request-uri-DetectorId"></a>
The unique ID of the detector that is associated with the member.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [MaxResults](#API_ListMembers_RequestSyntax) **   <a name="guardduty-ListMembers-request-uri-MaxResults"></a>
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.  
Valid Range: Minimum value of 1. Maximum value of 50.

 ** [NextToken](#API_ListMembers_RequestSyntax) **   <a name="guardduty-ListMembers-request-uri-NextToken"></a>
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

 ** [OnlyAssociated](#API_ListMembers_RequestSyntax) **   <a name="guardduty-ListMembers-request-uri-OnlyAssociated"></a>
Specifies whether to only return associated members or to return all members (including members who haven't been invited yet or have been disassociated). Member accounts must have been previously associated with the GuardDuty administrator account using [https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html). 

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "members": [ 
      { 
         "accountId": "string",
         "administratorId": "string",
         "detectorId": "string",
         "email": "string",
         "invitedAt": "string",
         "masterId": "string",
         "relationshipStatus": "string",
         "updatedAt": "string"
      }
   ],
   "nextToken": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [members](#API_ListMembers_ResponseSyntax) **   <a name="guardduty-ListMembers-response-members"></a>
A list of members.  
The values for `email` and `invitedAt` are available only if the member accounts are added by invitation.
Type: Array of [Member](API_Member.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

 ** [nextToken](#API_ListMembers_ResponseSyntax) **   <a name="guardduty-ListMembers-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListMembers) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListMembers) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListMembers) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListMembers) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListMembers) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListMembers) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListMembers) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListMembers) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListMembers) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListMembers) 

# ListOrganizationAdminAccounts


Lists the accounts designated as GuardDuty delegated administrators. Only the organization's management account can run this API operation.

## Request Syntax


```
GET /admin?maxResults=MaxResults&nextToken=NextToken HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [MaxResults](#API_ListOrganizationAdminAccounts_RequestSyntax) **   <a name="guardduty-ListOrganizationAdminAccounts-request-uri-MaxResults"></a>
The maximum number of results to return in the response.  
Valid Range: Minimum value of 1. Maximum value of 50.

 ** [NextToken](#API_ListOrganizationAdminAccounts_RequestSyntax) **   <a name="guardduty-ListOrganizationAdminAccounts-request-uri-NextToken"></a>
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the `NextToken` value returned from the previous request to continue listing results after the first page.

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "adminAccounts": [ 
      { 
         "adminAccountId": "string",
         "adminStatus": "string"
      }
   ],
   "nextToken": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [adminAccounts](#API_ListOrganizationAdminAccounts_ResponseSyntax) **   <a name="guardduty-ListOrganizationAdminAccounts-response-adminAccounts"></a>
A list of accounts configured as GuardDuty delegated administrators.  
Type: Array of [AdminAccount](API_AdminAccount.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 1 item.

 ** [nextToken](#API_ListOrganizationAdminAccounts_ResponseSyntax) **   <a name="guardduty-ListOrganizationAdminAccounts-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListOrganizationAdminAccounts) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListOrganizationAdminAccounts) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListOrganizationAdminAccounts) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListOrganizationAdminAccounts) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListOrganizationAdminAccounts) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListOrganizationAdminAccounts) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListOrganizationAdminAccounts) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListOrganizationAdminAccounts) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListOrganizationAdminAccounts) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListOrganizationAdminAccounts) 

# ListPublishingDestinations


Returns a list of publishing destinations associated with the specified `detectorId`.

## Request Syntax


```
GET /detector/detectorId/publishingDestination?maxResults=MaxResults&nextToken=NextToken HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_ListPublishingDestinations_RequestSyntax) **   <a name="guardduty-ListPublishingDestinations-request-uri-DetectorId"></a>
The detector ID for which you want to retrieve the publishing destination.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [MaxResults](#API_ListPublishingDestinations_RequestSyntax) **   <a name="guardduty-ListPublishingDestinations-request-uri-MaxResults"></a>
The maximum number of results to return in the response.  
Valid Range: Minimum value of 1. Maximum value of 50.

 ** [NextToken](#API_ListPublishingDestinations_RequestSyntax) **   <a name="guardduty-ListPublishingDestinations-request-uri-NextToken"></a>
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the `NextToken` value returned from the previous request to continue listing results after the first page.

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "destinations": [ 
      { 
         "destinationId": "string",
         "destinationType": "string",
         "status": "string"
      }
   ],
   "nextToken": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [destinations](#API_ListPublishingDestinations_ResponseSyntax) **   <a name="guardduty-ListPublishingDestinations-response-destinations"></a>
A `Destinations` object that includes information about each publishing destination returned.  
Type: Array of [Destination](API_Destination.md) objects

 ** [nextToken](#API_ListPublishingDestinations_ResponseSyntax) **   <a name="guardduty-ListPublishingDestinations-response-nextToken"></a>
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the `NextToken` value returned from the previous request to continue listing results after the first page.  
Type: String

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListPublishingDestinations) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListPublishingDestinations) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListPublishingDestinations) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListPublishingDestinations) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListPublishingDestinations) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListPublishingDestinations) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListPublishingDestinations) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListPublishingDestinations) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListPublishingDestinations) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListPublishingDestinations) 

# ListTagsForResource


Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, threat intel sets, and publishing destination, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.

## Request Syntax


```
GET /tags/resourceArn HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [resourceArn](#API_ListTagsForResource_RequestSyntax) **   <a name="guardduty-ListTagsForResource-request-uri-ResourceArn"></a>
The Amazon Resource Name (ARN) for the given GuardDuty resource.   
Pattern: `^arn:[A-Za-z_.-]{1,20}:guardduty:[A-Za-z0-9_/.-]{0,63}:\d+:detector/[A-Za-z0-9_/.-]{32,264}$`   
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "tags": { 
      "string" : "string" 
   }
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [tags](#API_ListTagsForResource_ResponseSyntax) **   <a name="guardduty-ListTagsForResource-response-tags"></a>
The tags associated with the resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
An access denied exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 403

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListTagsForResource) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListTagsForResource) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListTagsForResource) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListTagsForResource) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListTagsForResource) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListTagsForResource) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListTagsForResource) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListTagsForResource) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListTagsForResource) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListTagsForResource) 

# ListThreatEntitySets


Lists the threat entity sets associated with the specified GuardDuty detector ID. If you use this operation from a member account, the threat entity sets that are returned as a response, belong to the administrator account.

## Request Syntax


```
GET /detector/detectorId/threatentityset?maxResults=MaxResults&nextToken=NextToken HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_ListThreatEntitySets_RequestSyntax) **   <a name="guardduty-ListThreatEntitySets-request-uri-DetectorId"></a>
The unique ID of the GuardDuty detector that is associated with this threat entity set.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [MaxResults](#API_ListThreatEntitySets_RequestSyntax) **   <a name="guardduty-ListThreatEntitySets-request-uri-MaxResults"></a>
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50.  
Valid Range: Minimum value of 1. Maximum value of 50.

 ** [NextToken](#API_ListThreatEntitySets_RequestSyntax) **   <a name="guardduty-ListThreatEntitySets-request-uri-NextToken"></a>
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "nextToken": "string",
   "threatEntitySetIds": [ "string" ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [nextToken](#API_ListThreatEntitySets_ResponseSyntax) **   <a name="guardduty-ListThreatEntitySets-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
Type: String

 ** [threatEntitySetIds](#API_ListThreatEntitySets_ResponseSyntax) **   <a name="guardduty-ListThreatEntitySets-response-threatEntitySetIds"></a>
The IDs of the threat entity set resources.  
Type: Array of strings  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListThreatEntitySets) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListThreatEntitySets) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListThreatEntitySets) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListThreatEntitySets) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListThreatEntitySets) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListThreatEntitySets) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListThreatEntitySets) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListThreatEntitySets) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListThreatEntitySets) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListThreatEntitySets) 

# ListThreatIntelSets


Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned.

## Request Syntax


```
GET /detector/detectorId/threatintelset?maxResults=MaxResults&nextToken=NextToken HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_ListThreatIntelSets_RequestSyntax) **   <a name="guardduty-ListThreatIntelSets-request-uri-DetectorId"></a>
The unique ID of the detector that is associated with the threatIntelSet.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [MaxResults](#API_ListThreatIntelSets_RequestSyntax) **   <a name="guardduty-ListThreatIntelSets-request-uri-MaxResults"></a>
You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.  
Valid Range: Minimum value of 1. Maximum value of 50.

 ** [NextToken](#API_ListThreatIntelSets_RequestSyntax) **   <a name="guardduty-ListThreatIntelSets-request-uri-NextToken"></a>
You can use this parameter to paginate results in the response. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "nextToken": "string",
   "threatIntelSetIds": [ "string" ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [nextToken](#API_ListThreatIntelSets_ResponseSyntax) **   <a name="guardduty-ListThreatIntelSets-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
Type: String

 ** [threatIntelSetIds](#API_ListThreatIntelSets_ResponseSyntax) **   <a name="guardduty-ListThreatIntelSets-response-threatIntelSetIds"></a>
The IDs of the ThreatIntelSet resources.  
Type: Array of strings  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListThreatIntelSets) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListThreatIntelSets) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListThreatIntelSets) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListThreatIntelSets) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListThreatIntelSets) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListThreatIntelSets) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListThreatIntelSets) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListThreatIntelSets) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListThreatIntelSets) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListThreatIntelSets) 

# ListTrustedEntitySets


Lists the trusted entity sets associated with the specified GuardDuty detector ID. If you use this operation from a member account, the trusted entity sets that are returned as a response, belong to the administrator account.

## Request Syntax


```
GET /detector/detectorId/trustedentityset?maxResults=MaxResults&nextToken=NextToken HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_ListTrustedEntitySets_RequestSyntax) **   <a name="guardduty-ListTrustedEntitySets-request-uri-DetectorId"></a>
The unique ID of the GuardDuty detector that is associated with this threat entity set.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [MaxResults](#API_ListTrustedEntitySets_RequestSyntax) **   <a name="guardduty-ListTrustedEntitySets-request-uri-MaxResults"></a>
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50.  
Valid Range: Minimum value of 1. Maximum value of 50.

 ** [NextToken](#API_ListTrustedEntitySets_RequestSyntax) **   <a name="guardduty-ListTrustedEntitySets-request-uri-NextToken"></a>
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "nextToken": "string",
   "trustedEntitySetIds": [ "string" ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [nextToken](#API_ListTrustedEntitySets_ResponseSyntax) **   <a name="guardduty-ListTrustedEntitySets-response-nextToken"></a>
The pagination parameter to be used on the next list operation to retrieve more items.  
Type: String

 ** [trustedEntitySetIds](#API_ListTrustedEntitySets_ResponseSyntax) **   <a name="guardduty-ListTrustedEntitySets-response-trustedEntitySetIds"></a>
The IDs of the trusted entity set resources.  
Type: Array of strings  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/ListTrustedEntitySets) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/ListTrustedEntitySets) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/ListTrustedEntitySets) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/ListTrustedEntitySets) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/ListTrustedEntitySets) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/ListTrustedEntitySets) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/ListTrustedEntitySets) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/ListTrustedEntitySets) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/ListTrustedEntitySets) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/ListTrustedEntitySets) 

# SendObjectMalwareScan


Initiates a malware scan for a specific S3 object. This API allows you to perform on-demand malware scanning of individual objects in S3 buckets that have Malware Protection for S3 enabled.

When you use this API, the AWS service terms for GuardDuty Malware Protection apply. For more information, see [AWS service terms for GuardDuty Malware Protection](http://aws.amazon.com/service-terms/#87._Amazon_GuardDuty).

## Request Syntax


```
POST /object-malware-scan/send HTTP/1.1
Content-type: application/json

{
   "s3Object": { 
      "bucket": "string",
      "key": "string",
      "versionId": "string"
   }
}
```

## URI Request Parameters


The request does not use any URI parameters.

## Request Body


The request accepts the following data in JSON format.

 ** [s3Object](#API_SendObjectMalwareScan_RequestSyntax) **   <a name="guardduty-SendObjectMalwareScan-request-s3Object"></a>
The S3 object information for the object you want to scan. The bucket must have a Malware Protection plan configured to use this API.  
Type: [S3ObjectForSendObjectMalwareScan](API_S3ObjectForSendObjectMalwareScan.md) object  
Required: No

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
An access denied exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 403

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/SendObjectMalwareScan) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/SendObjectMalwareScan) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/SendObjectMalwareScan) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/SendObjectMalwareScan) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/SendObjectMalwareScan) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/SendObjectMalwareScan) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/SendObjectMalwareScan) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/SendObjectMalwareScan) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/SendObjectMalwareScan) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/SendObjectMalwareScan) 

# StartMalwareScan


Initiates the malware scan. Invoking this API will automatically create the [Service-linked role](https://docs.aws.amazon.com/guardduty/latest/ug/slr-permissions-malware-protection.html) in the corresponding account if the resourceArn belongs to an EC2 instance.

When the malware scan starts, you can use the associated scan ID to track the status of the scan. For more information, see [ListMalwareScans](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListMalwareScans.html) and [GetMalwareScan](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_GetMalwareScan.html).

When you use this API, the AWS service terms for GuardDuty Malware Protection apply. For more information, see [AWS service terms for GuardDuty Malware Protection](http://aws.amazon.com/service-terms/#87._Amazon_GuardDuty).

## Request Syntax


```
POST /malware-scan/start HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "resourceArn": "string",
   "scanConfiguration": { 
      "incrementalScanDetails": { 
         "baselineResourceArn": "string"
      },
      "recoveryPoint": { 
         "backupVaultName": "string"
      },
      "role": "string"
   }
}
```

## URI Request Parameters


The request does not use any URI parameters.

## Request Body


The request accepts the following data in JSON format.

 ** [clientToken](#API_StartMalwareScan_RequestSyntax) **   <a name="guardduty-StartMalwareScan-request-clientToken"></a>
The idempotency token for the create request.  
Type: String  
Length Constraints: Minimum length of 0. Maximum length of 64.  
Required: No

 ** [resourceArn](#API_StartMalwareScan_RequestSyntax) **   <a name="guardduty-StartMalwareScan-request-resourceArn"></a>
Amazon Resource Name (ARN) of the resource for which you invoked the API.  
Type: String  
Pattern: `^arn:[A-Za-z-]+:[A-Za-z0-9]+:[A-Za-z0-9-]+:\d+:(([A-Za-z0-9-]+)[:\/])?[A-Za-z0-9:-]*$`   
Required: Yes

 ** [scanConfiguration](#API_StartMalwareScan_RequestSyntax) **   <a name="guardduty-StartMalwareScan-request-scanConfiguration"></a>
Contains information about the configuration to be used for the malware scan.  
Type: [StartMalwareScanConfiguration](API_StartMalwareScanConfiguration.md) object  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "scanId": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [scanId](#API_StartMalwareScan_ResponseSyntax) **   <a name="guardduty-StartMalwareScan-response-scanId"></a>
A unique identifier that gets generated when you invoke the API without any error. Each malware scan has a corresponding scan ID. Using this scan ID, you can monitor the status of your malware scan.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 200.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** ConflictException **   
A request conflict exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 409

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/StartMalwareScan) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/StartMalwareScan) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/StartMalwareScan) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/StartMalwareScan) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/StartMalwareScan) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/StartMalwareScan) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/StartMalwareScan) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/StartMalwareScan) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/StartMalwareScan) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/StartMalwareScan) 

# StartMonitoringMembers


Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the [StopMonitoringMembers](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_StopMonitoringMembers.html) operation.

## Request Syntax


```
POST /detector/detectorId/member/start HTTP/1.1
Content-type: application/json

{
   "accountIds": [ "string" ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_StartMonitoringMembers_RequestSyntax) **   <a name="guardduty-StartMonitoringMembers-request-uri-DetectorId"></a>
The unique ID of the detector of the GuardDuty administrator account associated with the member accounts to monitor.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [accountIds](#API_StartMonitoringMembers_RequestSyntax) **   <a name="guardduty-StartMonitoringMembers-request-accountIds"></a>
A list of account IDs of the GuardDuty member accounts to start monitoring.  
Type: Array of strings  
Array Members: Minimum number of 1 item. Maximum number of 50 items.  
Length Constraints: Fixed length of 12.  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "unprocessedAccounts": [ 
      { 
         "accountId": "string",
         "result": "string"
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [unprocessedAccounts](#API_StartMonitoringMembers_ResponseSyntax) **   <a name="guardduty-StartMonitoringMembers-response-unprocessedAccounts"></a>
A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.  
Type: Array of [UnprocessedAccount](API_UnprocessedAccount.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/StartMonitoringMembers) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/StartMonitoringMembers) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/StartMonitoringMembers) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/StartMonitoringMembers) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/StartMonitoringMembers) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/StartMonitoringMembers) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/StartMonitoringMembers) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/StartMonitoringMembers) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/StartMonitoringMembers) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/StartMonitoringMembers) 

# StopMonitoringMembers


Stops GuardDuty monitoring for the specified member accounts. Use the `StartMonitoringMembers` operation to restart monitoring for those accounts.

With `autoEnableOrganizationMembers` configuration for your organization set to `ALL`, you'll receive an error if you attempt to stop monitoring the member accounts in your organization.

## Request Syntax


```
POST /detector/detectorId/member/stop HTTP/1.1
Content-type: application/json

{
   "accountIds": [ "string" ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_StopMonitoringMembers_RequestSyntax) **   <a name="guardduty-StopMonitoringMembers-request-uri-DetectorId"></a>
The unique ID of the detector associated with the GuardDuty administrator account that is monitoring member accounts.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [accountIds](#API_StopMonitoringMembers_RequestSyntax) **   <a name="guardduty-StopMonitoringMembers-request-accountIds"></a>
A list of account IDs for the member accounts to stop monitoring.  
Type: Array of strings  
Array Members: Minimum number of 1 item. Maximum number of 50 items.  
Length Constraints: Fixed length of 12.  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "unprocessedAccounts": [ 
      { 
         "accountId": "string",
         "result": "string"
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [unprocessedAccounts](#API_StopMonitoringMembers_ResponseSyntax) **   <a name="guardduty-StopMonitoringMembers-response-unprocessedAccounts"></a>
A list of objects that contain an accountId for each account that could not be processed, and a result string that indicates why the account was not processed.   
Type: Array of [UnprocessedAccount](API_UnprocessedAccount.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/StopMonitoringMembers) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/StopMonitoringMembers) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/StopMonitoringMembers) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/StopMonitoringMembers) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/StopMonitoringMembers) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/StopMonitoringMembers) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/StopMonitoringMembers) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/StopMonitoringMembers) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/StopMonitoringMembers) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/StopMonitoringMembers) 

# TagResource


Adds tags to a resource.

## Request Syntax


```
POST /tags/resourceArn HTTP/1.1
Content-type: application/json

{
   "tags": { 
      "string" : "string" 
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [resourceArn](#API_TagResource_RequestSyntax) **   <a name="guardduty-TagResource-request-uri-ResourceArn"></a>
The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag to.  
Pattern: `^arn:[A-Za-z_.-]{1,20}:guardduty:[A-Za-z0-9_/.-]{0,63}:\d+:detector/[A-Za-z0-9_/.-]{32,264}$`   
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [tags](#API_TagResource_RequestSyntax) **   <a name="guardduty-TagResource-request-tags"></a>
The tags to be added to a resource.  
Type: String to string map  
Map Entries: Maximum number of 200 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Value Length Constraints: Maximum length of 256.  
Required: Yes

## Response Syntax


```
HTTP/1.1 204
```

## Response Elements


If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
An access denied exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 403

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/TagResource) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/TagResource) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/TagResource) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/TagResource) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/TagResource) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/TagResource) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/TagResource) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/TagResource) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/TagResource) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/TagResource) 

# UnarchiveFindings


Unarchives GuardDuty findings specified by the `findingIds`.

## Request Syntax


```
POST /detector/detectorId/findings/unarchive HTTP/1.1
Content-type: application/json

{
   "findingIds": [ "string" ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_UnarchiveFindings_RequestSyntax) **   <a name="guardduty-UnarchiveFindings-request-uri-DetectorId"></a>
The ID of the detector associated with the findings to unarchive.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [findingIds](#API_UnarchiveFindings_RequestSyntax) **   <a name="guardduty-UnarchiveFindings-request-findingIds"></a>
The IDs of the findings to unarchive.  
Type: Array of strings  
Array Members: Minimum number of 0 items. Maximum number of 50 items.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/UnarchiveFindings) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/UnarchiveFindings) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/UnarchiveFindings) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/UnarchiveFindings) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/UnarchiveFindings) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/UnarchiveFindings) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/UnarchiveFindings) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/UnarchiveFindings) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/UnarchiveFindings) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/UnarchiveFindings) 

# UntagResource


Removes tags from a resource.

## Request Syntax


```
DELETE /tags/resourceArn?tagKeys=TagKeys HTTP/1.1
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [resourceArn](#API_UntagResource_RequestSyntax) **   <a name="guardduty-UntagResource-request-uri-ResourceArn"></a>
The Amazon Resource Name (ARN) for the resource to remove tags from.  
Pattern: `^arn:[A-Za-z_.-]{1,20}:guardduty:[A-Za-z0-9_/.-]{0,63}:\d+:detector/[A-Za-z0-9_/.-]{32,264}$`   
Required: Yes

 ** [TagKeys](#API_UntagResource_RequestSyntax) **   <a name="guardduty-UntagResource-request-uri-TagKeys"></a>
The tag keys to remove from the resource.  
Array Members: Minimum number of 1 item. Maximum number of 200 items.  
Length Constraints: Minimum length of 1. Maximum length of 128.  
Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$`   
Required: Yes

## Request Body


The request does not have a request body.

## Response Syntax


```
HTTP/1.1 204
```

## Response Elements


If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
An access denied exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 403

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/UntagResource) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/UntagResource) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/UntagResource) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/UntagResource) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/UntagResource) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/UntagResource) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/UntagResource) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/UntagResource) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/UntagResource) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/UntagResource) 

# UpdateDetector


Updates the GuardDuty detector specified by the detector ID.

Specifying both EKS Runtime Monitoring (`EKS_RUNTIME_MONITORING`) and Runtime Monitoring (`RUNTIME_MONITORING`) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see [Runtime Monitoring](https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html).

There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).

## Request Syntax


```
POST /detector/detectorId HTTP/1.1
Content-type: application/json

{
   "dataSources": { 
      "kubernetes": { 
         "auditLogs": { 
            "enable": boolean
         }
      },
      "malwareProtection": { 
         "scanEc2InstanceWithFindings": { 
            "ebsVolumes": boolean
         }
      },
      "s3Logs": { 
         "enable": boolean
      }
   },
   "enable": boolean,
   "features": [ 
      { 
         "additionalConfiguration": [ 
            { 
               "name": "string",
               "status": "string"
            }
         ],
         "name": "string",
         "status": "string"
      }
   ],
   "findingPublishingFrequency": "string"
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_UpdateDetector_RequestSyntax) **   <a name="guardduty-UpdateDetector-request-uri-DetectorId"></a>
The unique ID of the detector to update.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [dataSources](#API_UpdateDetector_RequestSyntax) **   <a name="guardduty-UpdateDetector-request-dataSources"></a>
 *This parameter has been deprecated.*   
Describes which data sources will be updated.  
There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).  
Type: [DataSourceConfigurations](API_DataSourceConfigurations.md) object  
Required: No

 ** [enable](#API_UpdateDetector_RequestSyntax) **   <a name="guardduty-UpdateDetector-request-enable"></a>
Specifies whether the detector is enabled or not enabled.  
Type: Boolean  
Required: No

 ** [features](#API_UpdateDetector_RequestSyntax) **   <a name="guardduty-UpdateDetector-request-features"></a>
Provides the features that will be updated for the detector.  
Type: Array of [DetectorFeatureConfiguration](API_DetectorFeatureConfiguration.md) objects  
Required: No

 ** [findingPublishingFrequency](#API_UpdateDetector_RequestSyntax) **   <a name="guardduty-UpdateDetector-request-findingPublishingFrequency"></a>
An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.  
Type: String  
Valid Values: `FIFTEEN_MINUTES | ONE_HOUR | SIX_HOURS`   
Required: No

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/UpdateDetector) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/UpdateDetector) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/UpdateDetector) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/UpdateDetector) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/UpdateDetector) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/UpdateDetector) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/UpdateDetector) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/UpdateDetector) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/UpdateDetector) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/UpdateDetector) 

# UpdateFilter


Updates the filter specified by the filter name.

## Request Syntax


```
POST /detector/detectorId/filter/filterName HTTP/1.1
Content-type: application/json

{
   "action": "string",
   "description": "string",
   "findingCriteria": { 
      "criterion": { 
         "string" : { 
            "eq": [ "string" ],
            "equals": [ "string" ],
            "greaterThan": number,
            "greaterThanOrEqual": number,
            "gt": number,
            "gte": number,
            "lessThan": number,
            "lessThanOrEqual": number,
            "lt": number,
            "lte": number,
            "matches": [ "string" ],
            "neq": [ "string" ],
            "notEquals": [ "string" ],
            "notMatches": [ "string" ]
         }
      }
   },
   "rank": number
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_UpdateFilter_RequestSyntax) **   <a name="guardduty-UpdateFilter-request-uri-DetectorId"></a>
The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [filterName](#API_UpdateFilter_RequestSyntax) **   <a name="guardduty-UpdateFilter-request-uri-FilterName"></a>
The name of the filter.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [action](#API_UpdateFilter_RequestSyntax) **   <a name="guardduty-UpdateFilter-request-action"></a>
Specifies the action that is to be applied to the findings that match the filter.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Valid Values: `NOOP | ARCHIVE`   
Required: No

 ** [description](#API_UpdateFilter_RequestSyntax) **   <a name="guardduty-UpdateFilter-request-description"></a>
The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses (`{ }`, `[ ]`, and `( )`), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.  
Type: String  
Length Constraints: Minimum length of 0. Maximum length of 512.  
Required: No

 ** [findingCriteria](#API_UpdateFilter_RequestSyntax) **   <a name="guardduty-UpdateFilter-request-findingCriteria"></a>
Represents the criteria to be used in the filter for querying findings.  
Type: [FindingCriteria](API_FindingCriteria.md) object  
Required: No

 ** [rank](#API_UpdateFilter_RequestSyntax) **   <a name="guardduty-UpdateFilter-request-rank"></a>
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.  
Type: Integer  
Valid Range: Minimum value of 1. Maximum value of 100.  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "name": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [name](#API_UpdateFilter_ResponseSyntax) **   <a name="guardduty-UpdateFilter-response-name"></a>
The name of the filter.  
Type: String  
Length Constraints: Minimum length of 3. Maximum length of 64.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/UpdateFilter) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/UpdateFilter) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/UpdateFilter) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/UpdateFilter) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/UpdateFilter) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/UpdateFilter) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/UpdateFilter) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/UpdateFilter) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/UpdateFilter) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/UpdateFilter) 

# UpdateFindingsFeedback


Marks the specified GuardDuty findings as useful or not useful.

## Request Syntax


```
POST /detector/detectorId/findings/feedback HTTP/1.1
Content-type: application/json

{
   "comments": "string",
   "feedback": "string",
   "findingIds": [ "string" ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_UpdateFindingsFeedback_RequestSyntax) **   <a name="guardduty-UpdateFindingsFeedback-request-uri-DetectorId"></a>
The ID of the detector that is associated with the findings for which you want to update the feedback.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [comments](#API_UpdateFindingsFeedback_RequestSyntax) **   <a name="guardduty-UpdateFindingsFeedback-request-comments"></a>
Additional feedback about the GuardDuty findings.  
Type: String  
Required: No

 ** [feedback](#API_UpdateFindingsFeedback_RequestSyntax) **   <a name="guardduty-UpdateFindingsFeedback-request-feedback"></a>
The feedback for the finding.  
Type: String  
Valid Values: `USEFUL | NOT_USEFUL`   
Required: Yes

 ** [findingIds](#API_UpdateFindingsFeedback_RequestSyntax) **   <a name="guardduty-UpdateFindingsFeedback-request-findingIds"></a>
The IDs of the findings that you want to mark as useful or not useful.  
Type: Array of strings  
Array Members: Minimum number of 0 items. Maximum number of 50 items.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/UpdateFindingsFeedback) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/UpdateFindingsFeedback) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/UpdateFindingsFeedback) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/UpdateFindingsFeedback) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/UpdateFindingsFeedback) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/UpdateFindingsFeedback) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/UpdateFindingsFeedback) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/UpdateFindingsFeedback) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/UpdateFindingsFeedback) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/UpdateFindingsFeedback) 

# UpdateIPSet


Updates the IPSet specified by the IPSet ID.

## Request Syntax


```
POST /detector/detectorId/ipset/ipSetId HTTP/1.1
Content-type: application/json

{
   "activate": boolean,
   "expectedBucketOwner": "string",
   "location": "string",
   "name": "string"
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_UpdateIPSet_RequestSyntax) **   <a name="guardduty-UpdateIPSet-request-uri-DetectorId"></a>
The detectorID that specifies the GuardDuty service whose IPSet you want to update.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [ipSetId](#API_UpdateIPSet_RequestSyntax) **   <a name="guardduty-UpdateIPSet-request-uri-IpSetId"></a>
The unique ID that specifies the IPSet that you want to update.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [activate](#API_UpdateIPSet_RequestSyntax) **   <a name="guardduty-UpdateIPSet-request-activate"></a>
The updated Boolean value that specifies whether the IPSet is active or not.  
Type: Boolean  
Required: No

 ** [expectedBucketOwner](#API_UpdateIPSet_RequestSyntax) **   <a name="guardduty-UpdateIPSet-request-expectedBucketOwner"></a>
The AWS account ID that owns the Amazon S3 bucket specified in the **location** parameter.  
Type: String  
Length Constraints: Fixed length of 12.  
Required: No

 ** [location](#API_UpdateIPSet_RequestSyntax) **   <a name="guardduty-UpdateIPSet-request-location"></a>
The updated URI of the file that contains the IPSet.   
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: No

 ** [name](#API_UpdateIPSet_RequestSyntax) **   <a name="guardduty-UpdateIPSet-request-name"></a>
The unique ID that specifies the IPSet that you want to update.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: No

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
An access denied exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 403

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/UpdateIPSet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/UpdateIPSet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/UpdateIPSet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/UpdateIPSet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/UpdateIPSet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/UpdateIPSet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/UpdateIPSet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/UpdateIPSet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/UpdateIPSet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/UpdateIPSet) 

# UpdateMalwareProtectionPlan


Updates an existing Malware Protection plan resource.

## Request Syntax


```
PATCH /malware-protection-plan/malwareProtectionPlanId HTTP/1.1
Content-type: application/json

{
   "actions": { 
      "tagging": { 
         "status": "string"
      }
   },
   "protectedResource": { 
      "s3Bucket": { 
         "objectPrefixes": [ "string" ]
      }
   },
   "role": "string"
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [malwareProtectionPlanId](#API_UpdateMalwareProtectionPlan_RequestSyntax) **   <a name="guardduty-UpdateMalwareProtectionPlan-request-uri-MalwareProtectionPlanId"></a>
A unique identifier associated with the Malware Protection plan.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [actions](#API_UpdateMalwareProtectionPlan_RequestSyntax) **   <a name="guardduty-UpdateMalwareProtectionPlan-request-actions"></a>
Information about whether the tags will be added to the S3 object after scanning.  
Type: [MalwareProtectionPlanActions](API_MalwareProtectionPlanActions.md) object  
Required: No

 ** [protectedResource](#API_UpdateMalwareProtectionPlan_RequestSyntax) **   <a name="guardduty-UpdateMalwareProtectionPlan-request-protectedResource"></a>
Information about the protected resource that is associated with the created Malware Protection plan. Presently, `S3Bucket` is the only supported protected resource.  
Type: [UpdateProtectedResource](API_UpdateProtectedResource.md) object  
Required: No

 ** [role](#API_UpdateMalwareProtectionPlan_RequestSyntax) **   <a name="guardduty-UpdateMalwareProtectionPlan-request-role"></a>
Amazon Resource Name (ARN) of the IAM role with permissions to scan and add tags to the associated protected resource.  
Type: String  
Required: No

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
An access denied exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 403

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
The requested resource can't be found.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 404

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/UpdateMalwareProtectionPlan) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/UpdateMalwareProtectionPlan) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/UpdateMalwareProtectionPlan) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/UpdateMalwareProtectionPlan) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/UpdateMalwareProtectionPlan) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/UpdateMalwareProtectionPlan) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/UpdateMalwareProtectionPlan) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/UpdateMalwareProtectionPlan) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/UpdateMalwareProtectionPlan) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/UpdateMalwareProtectionPlan) 

# UpdateMalwareScanSettings


Updates the malware scan settings.

There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).

## Request Syntax


```
POST /detector/detectorId/malware-scan-settings HTTP/1.1
Content-type: application/json

{
   "ebsSnapshotPreservation": "string",
   "scanResourceCriteria": { 
      "exclude": { 
         "string" : { 
            "mapEquals": [ 
               { 
                  "key": "string",
                  "value": "string"
               }
            ]
         }
      },
      "include": { 
         "string" : { 
            "mapEquals": [ 
               { 
                  "key": "string",
                  "value": "string"
               }
            ]
         }
      }
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_UpdateMalwareScanSettings_RequestSyntax) **   <a name="guardduty-UpdateMalwareScanSettings-request-uri-DetectorId"></a>
The unique ID of the detector that specifies the GuardDuty service where you want to update scan settings.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [ebsSnapshotPreservation](#API_UpdateMalwareScanSettings_RequestSyntax) **   <a name="guardduty-UpdateMalwareScanSettings-request-ebsSnapshotPreservation"></a>
An enum value representing possible snapshot preservation settings.  
Type: String  
Valid Values: `NO_RETENTION | RETENTION_WITH_FINDING`   
Required: No

 ** [scanResourceCriteria](#API_UpdateMalwareScanSettings_RequestSyntax) **   <a name="guardduty-UpdateMalwareScanSettings-request-scanResourceCriteria"></a>
Represents the criteria to be used in the filter for selecting resources to scan.  
Type: [ScanResourceCriteria](API_ScanResourceCriteria.md) object  
Required: No

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/UpdateMalwareScanSettings) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/UpdateMalwareScanSettings) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/UpdateMalwareScanSettings) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/UpdateMalwareScanSettings) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/UpdateMalwareScanSettings) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/UpdateMalwareScanSettings) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/UpdateMalwareScanSettings) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/UpdateMalwareScanSettings) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/UpdateMalwareScanSettings) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/UpdateMalwareScanSettings) 

# UpdateMemberDetectors


Contains information on member accounts to be updated.

Specifying both EKS Runtime Monitoring (`EKS_RUNTIME_MONITORING`) and Runtime Monitoring (`RUNTIME_MONITORING`) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see [Runtime Monitoring](https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html).

There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).

## Request Syntax


```
POST /detector/detectorId/member/detector/update HTTP/1.1
Content-type: application/json

{
   "accountIds": [ "string" ],
   "dataSources": { 
      "kubernetes": { 
         "auditLogs": { 
            "enable": boolean
         }
      },
      "malwareProtection": { 
         "scanEc2InstanceWithFindings": { 
            "ebsVolumes": boolean
         }
      },
      "s3Logs": { 
         "enable": boolean
      }
   },
   "features": [ 
      { 
         "additionalConfiguration": [ 
            { 
               "name": "string",
               "status": "string"
            }
         ],
         "name": "string",
         "status": "string"
      }
   ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_UpdateMemberDetectors_RequestSyntax) **   <a name="guardduty-UpdateMemberDetectors-request-uri-DetectorId"></a>
The detector ID of the administrator account.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [accountIds](#API_UpdateMemberDetectors_RequestSyntax) **   <a name="guardduty-UpdateMemberDetectors-request-accountIds"></a>
A list of member account IDs to be updated.  
Type: Array of strings  
Array Members: Minimum number of 1 item. Maximum number of 50 items.  
Length Constraints: Fixed length of 12.  
Required: Yes

 ** [dataSources](#API_UpdateMemberDetectors_RequestSyntax) **   <a name="guardduty-UpdateMemberDetectors-request-dataSources"></a>
 *This parameter has been deprecated.*   
Describes which data sources will be updated.  
Type: [DataSourceConfigurations](API_DataSourceConfigurations.md) object  
Required: No

 ** [features](#API_UpdateMemberDetectors_RequestSyntax) **   <a name="guardduty-UpdateMemberDetectors-request-features"></a>
A list of features that will be updated for the specified member accounts.  
Type: Array of [MemberFeaturesConfiguration](API_MemberFeaturesConfiguration.md) objects  
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "unprocessedAccounts": [ 
      { 
         "accountId": "string",
         "result": "string"
      }
   ]
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [unprocessedAccounts](#API_UpdateMemberDetectors_ResponseSyntax) **   <a name="guardduty-UpdateMemberDetectors-response-unprocessedAccounts"></a>
A list of member account IDs that were unable to be processed along with an explanation for why they were not processed.  
Type: Array of [UnprocessedAccount](API_UnprocessedAccount.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 50 items.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/UpdateMemberDetectors) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/UpdateMemberDetectors) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/UpdateMemberDetectors) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/UpdateMemberDetectors) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/UpdateMemberDetectors) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/UpdateMemberDetectors) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/UpdateMemberDetectors) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/UpdateMemberDetectors) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/UpdateMemberDetectors) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/UpdateMemberDetectors) 

# UpdateOrganizationConfiguration


Configures the delegated administrator account with the provided values. You must provide a value for either `autoEnableOrganizationMembers` or `autoEnable`, but not both. 

Specifying both EKS Runtime Monitoring (`EKS_RUNTIME_MONITORING`) and Runtime Monitoring (`RUNTIME_MONITORING`) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see [Runtime Monitoring](https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html).

There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see [Regions and endpoints](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html).

## Request Syntax


```
POST /detector/detectorId/admin HTTP/1.1
Content-type: application/json

{
   "autoEnable": boolean,
   "autoEnableOrganizationMembers": "string",
   "dataSources": { 
      "kubernetes": { 
         "auditLogs": { 
            "autoEnable": boolean
         }
      },
      "malwareProtection": { 
         "scanEc2InstanceWithFindings": { 
            "ebsVolumes": { 
               "autoEnable": boolean
            }
         }
      },
      "s3Logs": { 
         "autoEnable": boolean
      }
   },
   "features": [ 
      { 
         "additionalConfiguration": [ 
            { 
               "autoEnable": "string",
               "name": "string"
            }
         ],
         "autoEnable": "string",
         "name": "string"
      }
   ]
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_UpdateOrganizationConfiguration_RequestSyntax) **   <a name="guardduty-UpdateOrganizationConfiguration-request-uri-DetectorId"></a>
The ID of the detector that configures the delegated administrator.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [autoEnable](#API_UpdateOrganizationConfiguration_RequestSyntax) **   <a name="guardduty-UpdateOrganizationConfiguration-request-autoEnable"></a>
 *This parameter has been deprecated.*   
Represents whether to automatically enable member accounts in the organization. This applies to only new member accounts, not the existing member accounts. When a new account joins the organization, the chosen features will be enabled for them by default.  
Even though this is still supported, we recommend using `AutoEnableOrganizationMembers` to achieve the similar results. You must provide a value for either `autoEnableOrganizationMembers` or `autoEnable`.  
Type: Boolean  
Required: No

 ** [autoEnableOrganizationMembers](#API_UpdateOrganizationConfiguration_RequestSyntax) **   <a name="guardduty-UpdateOrganizationConfiguration-request-autoEnableOrganizationMembers"></a>
Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. You must provide a value for either `autoEnableOrganizationMembers` or `autoEnable`.   
Use one of the following configuration values for `autoEnableOrganizationMembers`:  
+  `NEW`: Indicates that when a new account joins the organization, they will have GuardDuty enabled automatically. 
+  `ALL`: Indicates that all accounts in the organization have GuardDuty enabled automatically. This includes `NEW` accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty.

  It may take up to 24 hours to update the configuration for all the member accounts.
+  `NONE`: Indicates that GuardDuty will not be automatically enabled for any account in the organization. The administrator must manage GuardDuty for each account in the organization individually.

  When you update the auto-enable setting from `ALL` or `NEW` to `NONE`, this action doesn't disable the corresponding option for your existing accounts. This configuration will apply to the new accounts that join the organization. After you update the auto-enable settings, no new account will have the corresponding option as enabled.
Type: String  
Valid Values: `NEW | ALL | NONE`   
Required: No

 ** [dataSources](#API_UpdateOrganizationConfiguration_RequestSyntax) **   <a name="guardduty-UpdateOrganizationConfiguration-request-dataSources"></a>
 *This parameter has been deprecated.*   
Describes which data sources will be updated.  
Type: [OrganizationDataSourceConfigurations](API_OrganizationDataSourceConfigurations.md) object  
Required: No

 ** [features](#API_UpdateOrganizationConfiguration_RequestSyntax) **   <a name="guardduty-UpdateOrganizationConfiguration-request-features"></a>
A list of features that will be configured for the organization.  
Type: Array of [OrganizationFeatureConfiguration](API_OrganizationFeatureConfiguration.md) objects  
Required: No

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/UpdateOrganizationConfiguration) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/UpdateOrganizationConfiguration) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/UpdateOrganizationConfiguration) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/UpdateOrganizationConfiguration) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/UpdateOrganizationConfiguration) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/UpdateOrganizationConfiguration) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/UpdateOrganizationConfiguration) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/UpdateOrganizationConfiguration) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/UpdateOrganizationConfiguration) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/UpdateOrganizationConfiguration) 

# UpdatePublishingDestination


Updates information about the publishing destination specified by the `destinationId`.

## Request Syntax


```
POST /detector/detectorId/publishingDestination/destinationId HTTP/1.1
Content-type: application/json

{
   "destinationProperties": { 
      "destinationArn": "string",
      "kmsKeyArn": "string"
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [destinationId](#API_UpdatePublishingDestination_RequestSyntax) **   <a name="guardduty-UpdatePublishingDestination-request-uri-DestinationId"></a>
The ID of the publishing destination to update.  
Required: Yes

 ** [detectorId](#API_UpdatePublishingDestination_RequestSyntax) **   <a name="guardduty-UpdatePublishingDestination-request-uri-DetectorId"></a>
The ID of the detector associated with the publishing destinations to update.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [destinationProperties](#API_UpdatePublishingDestination_RequestSyntax) **   <a name="guardduty-UpdatePublishingDestination-request-destinationProperties"></a>
A `DestinationProperties` object that includes the `DestinationArn` and `KmsKeyArn` of the publishing destination.  
Type: [DestinationProperties](API_DestinationProperties.md) object  
Required: No

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/UpdatePublishingDestination) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/UpdatePublishingDestination) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/UpdatePublishingDestination) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/UpdatePublishingDestination) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/UpdatePublishingDestination) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/UpdatePublishingDestination) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/UpdatePublishingDestination) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/UpdatePublishingDestination) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/UpdatePublishingDestination) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/UpdatePublishingDestination) 

# UpdateThreatEntitySet


Updates the threat entity set associated with the specified `threatEntitySetId`.

## Request Syntax


```
POST /detector/detectorId/threatentityset/threatEntitySetId HTTP/1.1
Content-type: application/json

{
   "activate": boolean,
   "expectedBucketOwner": "string",
   "location": "string",
   "name": "string"
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_UpdateThreatEntitySet_RequestSyntax) **   <a name="guardduty-UpdateThreatEntitySet-request-uri-DetectorId"></a>
The unique ID of the GuardDuty detector associated with the threat entity set that you want to update.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [threatEntitySetId](#API_UpdateThreatEntitySet_RequestSyntax) **   <a name="guardduty-UpdateThreatEntitySet-request-uri-ThreatEntitySetId"></a>
The ID returned by GuardDuty after updating the threat entity set resource.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [activate](#API_UpdateThreatEntitySet_RequestSyntax) **   <a name="guardduty-UpdateThreatEntitySet-request-activate"></a>
A boolean value that indicates whether GuardDuty is to start using this updated threat entity set. After you update an entity set, you will need to activate it again. It might take up to 15 minutes for the updated entity set to be effective.  
Type: Boolean  
Required: No

 ** [expectedBucketOwner](#API_UpdateThreatEntitySet_RequestSyntax) **   <a name="guardduty-UpdateThreatEntitySet-request-expectedBucketOwner"></a>
The AWS account ID that owns the Amazon S3 bucket specified in the **location** parameter.  
Type: String  
Length Constraints: Fixed length of 12.  
Pattern: `^[0-9]+$`   
Required: No

 ** [location](#API_UpdateThreatEntitySet_RequestSyntax) **   <a name="guardduty-UpdateThreatEntitySet-request-location"></a>
The URI of the file that contains the trusted entity set.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: No

 ** [name](#API_UpdateThreatEntitySet_RequestSyntax) **   <a name="guardduty-UpdateThreatEntitySet-request-name"></a>
A user-friendly name to identify the trusted entity set.  
The name of your list can include lowercase letters, uppercase letters, numbers, dash (-), and underscore (\$1).  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: No

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/UpdateThreatEntitySet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/UpdateThreatEntitySet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/UpdateThreatEntitySet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/UpdateThreatEntitySet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/UpdateThreatEntitySet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/UpdateThreatEntitySet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/UpdateThreatEntitySet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/UpdateThreatEntitySet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/UpdateThreatEntitySet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/UpdateThreatEntitySet) 

# UpdateThreatIntelSet


Updates the ThreatIntelSet specified by the ThreatIntelSet ID.

## Request Syntax


```
POST /detector/detectorId/threatintelset/threatIntelSetId HTTP/1.1
Content-type: application/json

{
   "activate": boolean,
   "expectedBucketOwner": "string",
   "location": "string",
   "name": "string"
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_UpdateThreatIntelSet_RequestSyntax) **   <a name="guardduty-UpdateThreatIntelSet-request-uri-DetectorId"></a>
The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [threatIntelSetId](#API_UpdateThreatIntelSet_RequestSyntax) **   <a name="guardduty-UpdateThreatIntelSet-request-uri-ThreatIntelSetId"></a>
The unique ID that specifies the ThreatIntelSet that you want to update.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [activate](#API_UpdateThreatIntelSet_RequestSyntax) **   <a name="guardduty-UpdateThreatIntelSet-request-activate"></a>
The updated Boolean value that specifies whether the ThreateIntelSet is active or not.  
Type: Boolean  
Required: No

 ** [expectedBucketOwner](#API_UpdateThreatIntelSet_RequestSyntax) **   <a name="guardduty-UpdateThreatIntelSet-request-expectedBucketOwner"></a>
The AWS account ID that owns the Amazon S3 bucket specified in the **location** parameter.  
Type: String  
Length Constraints: Fixed length of 12.  
Required: No

 ** [location](#API_UpdateThreatIntelSet_RequestSyntax) **   <a name="guardduty-UpdateThreatIntelSet-request-location"></a>
The updated URI of the file that contains the ThreateIntelSet.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: No

 ** [name](#API_UpdateThreatIntelSet_RequestSyntax) **   <a name="guardduty-UpdateThreatIntelSet-request-name"></a>
The unique ID that specifies the ThreatIntelSet that you want to update.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: No

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
An access denied exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 403

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/UpdateThreatIntelSet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/UpdateThreatIntelSet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/UpdateThreatIntelSet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/UpdateThreatIntelSet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/UpdateThreatIntelSet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/UpdateThreatIntelSet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/UpdateThreatIntelSet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/UpdateThreatIntelSet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/UpdateThreatIntelSet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/UpdateThreatIntelSet) 

# UpdateTrustedEntitySet


Updates the trusted entity set associated with the specified `trustedEntitySetId`.

## Request Syntax


```
POST /detector/detectorId/trustedentityset/trustedEntitySetId HTTP/1.1
Content-type: application/json

{
   "activate": boolean,
   "expectedBucketOwner": "string",
   "location": "string",
   "name": "string"
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [detectorId](#API_UpdateTrustedEntitySet_RequestSyntax) **   <a name="guardduty-UpdateTrustedEntitySet-request-uri-DetectorId"></a>
The unique ID of the GuardDuty detector associated with the threat entity set that you want to update.  
To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: Yes

 ** [trustedEntitySetId](#API_UpdateTrustedEntitySet_RequestSyntax) **   <a name="guardduty-UpdateTrustedEntitySet-request-uri-TrustedEntitySetId"></a>
The ID returned by GuardDuty after updating the trusted entity set resource.  
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [activate](#API_UpdateTrustedEntitySet_RequestSyntax) **   <a name="guardduty-UpdateTrustedEntitySet-request-activate"></a>
A boolean value that indicates whether GuardDuty is to start using this updated trusted entity set. After you update an entity set, you will need to activate it again. It might take up to 15 minutes for the updated entity set to be effective.  
Type: Boolean  
Required: No

 ** [expectedBucketOwner](#API_UpdateTrustedEntitySet_RequestSyntax) **   <a name="guardduty-UpdateTrustedEntitySet-request-expectedBucketOwner"></a>
The AWS account ID that owns the Amazon S3 bucket specified in the **location** parameter.  
Type: String  
Length Constraints: Fixed length of 12.  
Pattern: `^[0-9]+$`   
Required: No

 ** [location](#API_UpdateTrustedEntitySet_RequestSyntax) **   <a name="guardduty-UpdateTrustedEntitySet-request-location"></a>
The URI of the file that contains the trusted entity set.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: No

 ** [name](#API_UpdateTrustedEntitySet_RequestSyntax) **   <a name="guardduty-UpdateTrustedEntitySet-request-name"></a>
A user-friendly name to identify the trusted entity set.  
The name of your list can include lowercase letters, uppercase letters, numbers, dash (-), and underscore (\$1).  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 300.  
Required: No

## Response Syntax


```
HTTP/1.1 200
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** BadRequestException **   
A bad request exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 400

 ** InternalServerErrorException **   
An internal server error exception object.    
 ** Message **   
The error message.  
 ** Type **   
The error type.
HTTP Status Code: 500

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/guardduty-2017-11-28/UpdateTrustedEntitySet) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/guardduty-2017-11-28/UpdateTrustedEntitySet) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/guardduty-2017-11-28/UpdateTrustedEntitySet) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/guardduty-2017-11-28/UpdateTrustedEntitySet) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/guardduty-2017-11-28/UpdateTrustedEntitySet) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/guardduty-2017-11-28/UpdateTrustedEntitySet) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/guardduty-2017-11-28/UpdateTrustedEntitySet) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/guardduty-2017-11-28/UpdateTrustedEntitySet) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/guardduty-2017-11-28/UpdateTrustedEntitySet) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/guardduty-2017-11-28/UpdateTrustedEntitySet)